shell - External SSH enters the intranet through a non-22 port; is there any way to avoid exposing the port?
仅有的幸福 2017-04-26 09:01:24

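The problem is this: I want to provide SSH access, but there are not enough IPs, so I use port mapping and map a whole port range of one IP to the outside. But users logging in from a terminal then have to add the port number, and as everyone knows, this exposes the port:

$ ssh -p ${port} root@${hostname}

So please allow me to be a little greedy: is there some way to hide the p parameter? For example, a reverse proxy or something?

$ ssh root@${domainname}

Is this possible?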


All replies (3)
刘奇

1. Yes. The knocking mechanism of ssh.
The address is
http://www.ibm.com/developerw...
but it is not commonly used.
(For individuals, denyhosts can also achieve the effect).

2. I’m glad you can consider this issue, but usually, enterprises only have one port open to the outside world, which is 80.
At the same time, they will provide a VPN server.
In addition, there is something called a bastion machine specifically used for ssh to other servers.

As my 213th answer, add a few links:

1. Springboard machine (with springboard machine open source address)
http://os.51cto.com/art/20140...

2. Bastion machine (springboard machine) + LDAP implementation series of articles
/a/11...

3. VPN: yes, it is best to have a layer of VPN outside the springboard
http://blog.cnezsoft.com/blog...

4. jumpserver
http://jumpserver.org/

淡淡烟草味

This is impossible. I have never heard of it being like this.

仅有的幸福

In fact, it doesn’t have to be so troublesome. You can use SecureCRT to log in to a server, and then access other machines through ssh proxy mode. It is equivalent to using the ssh protocol to access other intranet servers through an ssh agent. In this case, security can be greatly increased.
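
On the client side, a host alias in `~/.ssh/config` removes `-p` from the command line; the mapped port stays open on the gateway, it only no longer has to be typed. The script below is an added example, not part of the original thread: it turns a port-mapping table into such aliases and adds `ProxyJump` for machines reached through a bastion, with every name, address and port a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original thread). Every name, address and port
# below is a constructed placeholder.

# safe_token: accept only characters that cannot break out of an ssh_config line.
safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# gen_ssh_config: read "alias hostname port user [jump-alias]" lines on stdin
# and print one Host stanza per line. Returns 1 on the first invalid line.
gen_ssh_config() {
    while read -r name host port user jump; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        for field in "$name" "$host" "$user"; do
            safe_token "$field" || { echo "rejected field: $field" >&2; return 1; }
        done
        case "$port" in             # digits only, at most five of them
            ''|*[!0-9]*|??????*) echo "rejected port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n' \
            "$name" "$host" "$port" "$user"
        if [ -n "$jump" ]; then
            safe_token "$jump" || { echo "rejected jump: $jump" >&2; return 1; }
            printf '    ProxyJump %s\n' "$jump"     # needs OpenSSH 7.3 or later
        fi
        printf '\n'
    done
}

# Constructed mapping table: one public gateway, one mapped port per machine.
sample_table() {
    cat <<'EOF'
# alias  hostname        port  user  [jump]
node1    gw.example.com  2201  root
bastion  gw.example.com  2200  ops
db1      10.0.0.12       22    root  bastion
EOF
}

# Print the stanzas; review them before appending to ~/.ssh/config.
sample_table | gen_ssh_config
```

With these stanzas in place, `ssh node1` connects to the mapped port 2201 and `ssh db1` goes through the `bastion` alias, so only the bastion's port needs to be reachable from outside.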
