After the server was set up, it turned out that it has no public IP address, and a server without a public IP address cannot be reached from the Internet. The only way around this is to rent a cloud server and use it for intranet penetration, that is, to expose the server behind NAT through a reverse SSH tunnel via the cloud server. The whole process is described below; the general principle is shown in the figure below:

Cloud server purchase configuration

The cloud server I bought is an Alibaba Cloud ECS instance; students can currently get half a year for free by passing the student discount quiz. For ordinary personal use a standard ECS instance is sufficient. Create the instance by following the configuration instructions on the Alibaba Cloud website.

Security Group Configuration

Enter the server management page for the server in the instance list.

Then configure security group rules


The security group only needs to allow inbound traffic to the cloud server's SSH port and to the port that will be used for forwarding. Once this part is configured, you can log in to the cloud server over the public IP address provided by Alibaba Cloud and continue the configuration there.

Cloud Server Configuration

The cloud server I chose runs CentOS 7. First, open the required port in the system firewall by running the following in a terminal:

iptables -I INPUT -p tcp --dport [port number to open] -j ACCEPT

Then run

iptables -nL

to check whether port 2110 (the port used in the rest of this post) was opened successfully. If the ACCEPT rule for the port appears in the output, as in the screenshot below, the port is open.

Then edit the SSH daemon configuration file /etc/ssh/sshd_config:

vi /etc/ssh/sshd_config

In the SSH configuration file, set the following parameters. Some of them are commented out by default, so remove the leading # as well.

AuthorizedKeysFile .ssh/authorized_keys   # where sshd looks for public keys, relative to the user's home directory
AddressFamily any
ListenAddress 0.0.0.0                     # listen for requests from any address
AllowAgentForwarding yes
GatewayPorts yes                          # bind ports forwarded with -R on all interfaces instead of loopback only
# AllowTcpForwarding must stay at its default of yes, otherwise sshd refuses the -R forwarding

GatewayPorts yes is what makes the forwarded port reachable from the Internet; it also means that anyone who can reach that port on the cloud server can attempt logins against the intranet server's SSH service, so the security group rules above and key-based authentication on the intranet server matter.
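As an added example (not code from the original post), the following POSIX shell script audits a copy of sshd_config for the options the reverse tunnel depends on. It evaluates the options the way sshd does (keyword case-insensitive, first uncommented occurrence wins, OpenSSH defaults when absent) and reports the settings that widen exposure: GatewayPorts yes, password authentication and root login on the exposed port. The sample configuration text is constructed here, and the defaults assumed for absent options are noted in the comments.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the sshd_config options the
# reverse tunnel depends on and report the ones that widen exposure.
# Assumed OpenSSH defaults when an option is absent or commented out:
# GatewayPorts no, AllowTcpForwarding yes, PasswordAuthentication yes, PermitRootLogin yes.

# Constructed sample, in the state the post's edits leave /etc/ssh/sshd_config.
SAMPLE_SSHD_CONFIG='
#AddressFamily any
ListenAddress 0.0.0.0
AllowAgentForwarding yes
GatewayPorts yes
#PasswordAuthentication yes
'

# effective_option <config-text> <option> <default>
# sshd keywords are case-insensitive and the first uncommented occurrence wins;
# print that value, or the supplied default when the option is not set.
effective_option() {
    value=$(printf '%s\n' "$1" | awk -v opt="$2" '
        $0 !~ /^[[:space:]]*#/ && tolower($1) == tolower(opt) && v == "" { v = $2 }
        END { print v }')
    if [ -n "$value" ]; then printf '%s\n' "$value"; else printf '%s\n' "$3"; fi
}

# audit_tunnel_config <config-text>
# Prints one line per finding; no output means nothing to report.
audit_tunnel_config() {
    cfg=$1
    if [ "$(effective_option "$cfg" GatewayPorts no)" = yes ]; then
        echo "GatewayPorts yes: ports forwarded with -R listen on all interfaces, so the intranet SSH port is reachable from the Internet"
    fi
    if [ "$(effective_option "$cfg" AllowTcpForwarding yes)" = no ]; then
        echo "AllowTcpForwarding no: sshd will refuse the -R forwarding, so the tunnel cannot work"
    fi
    if [ "$(effective_option "$cfg" PasswordAuthentication yes)" = yes ]; then
        echo "PasswordAuthentication yes: the exposed port accepts password guessing; keys already work after ssh-copy-id, so set it to no"
    fi
    if [ "$(effective_option "$cfg" PermitRootLogin yes)" = yes ]; then
        echo "PermitRootLogin yes: the tunnel and remote logins run as root; use an unprivileged tunnel account"
    fi
}

# count_findings <config-text>: number of findings, for scripting and tests.
count_findings() {
    audit_tunnel_config "$1" | wc -l | tr -d ' '
}

audit_tunnel_config "$SAMPLE_SSHD_CONFIG"
```

Run it against the real file with `audit_tunnel_config "$(cat /etc/ssh/sshd_config)"` on both the cloud server and the intranet server; on the cloud server GatewayPorts yes is expected with this setup, the other findings are worth fixing.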

After completing the above steps, the cloud server is configured.

Local Server Configuration

Once the cloud server is configured, it’s time to configure the local server.

The SSH configuration file on the local server must be edited as well. Open the same file, /etc/ssh/sshd_config, and set the following parameter:

AuthorizedKeysFile .ssh/authorized_keys   # path where the public keys authorized to log in are stored

If you have not generated an SSH key yet, generate one with the following steps; otherwise start from the "key already exists" line.

# If no key has been generated yet, start here (run on local server B)
ssh-keygen -t rsa                 # the public key is id_rsa.pub, the private key is id_rsa; both are stored in /home/username/.ssh
# If a key already exists, start here
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys   # on B: add the generated public key to authorized_keys
ssh-copy-id [cloud server username]@[public IP address of the cloud server]   # on B: add B's public key to the authorized_keys file of cloud server A, so that B can log in to A without a password
service sshd restart              # on A: restart sshd so the configuration changes above take effect

Then run the following command to test whether the local server can log in to the cloud server without a password:

ssh [cloud server username]@[public IP address of the cloud server]

After that, press Ctrl+D to leave the cloud server and enter the following command on the local server:

ssh -fNR [cloud server port for forwarding]:[intranet IP address of intranet server B]:[SSH port of the intranet server (usually 22)] [cloud server login username]@[cloud server IP address] -p [cloud server SSH port (usually 22)] "vmstat 30"

For example, ssh -fNR 8387:127.0.0.1:22 [cloud server username]@[cloud server public IP address] -p 22 "vmstat 30" asks the cloud server to listen on port 8387 and relay every connection to it back to port 22 on the local server; -f puts ssh in the background and -N opens no shell. The trailing "vmstat 30" is meant to send the vmstat command every 30 seconds to keep the connection alive. Note that -N means no remote command is executed, so the quoted command has no effect; a keep-alive is more reliably obtained with -o ServerAliveInterval=30.

After that, any device with network access can connect to the cloud server over SSH and be relayed to the local server. Test it with:

ssh [username for logging in to the intranet server]@[IP address of the cloud server] -p [port chosen for forwarding on the cloud server]

The configuration is complete. However, an SSH tunnel set up this way is not very stable and drops whenever the connection is interrupted, so set up a script that runs periodically on the local server, checks the remote port and rebuilds the tunnel automatically.

Create a remote port monitoring script named autossh.sh in any directory. The script checks whether the remote port forwarding is active, enables it if it is not, and writes a log file in the directory where the script resides. The following is an example script:

#!/bin/bash
# The first line selects the interpreter that runs the script
# Find the pid of the existing tunnel process (the forwarded port here is 2110)
PIDS=`ps -ef | grep "ssh -fNR 2110" | grep -v grep | awk '{print $2}'`
# Find the local LAN IP address (adjust 192.168.1 to your own subnet)
IP=`ip addr | grep 192.168.1 | grep -v grep | awk '{print $2}' | awk -F '/' '{print $1}'`
if [ -z "$PIDS" ]; then
    # No tunnel process is running: start it
    ssh -fNR 2110:$IP:22 root@[public IP address of the cloud server] "vmstat 30"
    echo "start ssh 2110: `date`" >> [monitoring script directory]/autossh.log   # log file name is your choice
else
    # A process exists: check whether the forwarded port on the cloud server actually answers
    nc -w 3 -z [public IP address of the cloud server] 2110 > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        # The exit status of the last command is not 0, so the channel is down: kill the stale process and rebuild the tunnel
        sudo kill -9 $PIDS
        ssh -fNR 2110:$IP:22 root@[public IP address of the cloud server] "vmstat 30"
        echo "kill and restart ssh 2110: `date`" >> [monitoring script directory]/autossh.log
    fi
fi
echo $IP
echo $PIDS

Then open the scheduled task configuration file /etc/crontab and add the following line at the end; it runs autossh.sh every minute.

*/1 * * * * root [monitoring script directory]/autossh.sh

Entries in /etc/crontab carry a user field (root here) between the schedule and the command; a personal crontab edited with crontab -e omits it. Make the script executable with chmod +x autossh.sh. Because the job runs as root, root's own ~/.ssh key must be the one authorized on the cloud server, otherwise ssh cannot authenticate non-interactively from cron.
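As an added example that is not the post's own autossh.sh, the following watchdog implements the same start / check / rebuild loop, but with the decision logic in a pure function so it can be tested without a server, and with two hardening changes: the forwarded port is bound to 127.0.0.1 on the cloud server (reachable through the cloud server with ssh -J rather than from the whole Internet), and ssh's ServerAlive options and ExitOnForwardFailure replace the "vmstat 30" keep-alive. CLOUD_HOST, CLOUD_USER, REMOTE_PORT, LOCAL_SSH_PORT and LOG_FILE are assumed placeholders, and the probe assumes nc is installed on the cloud server.

```shell
#!/bin/sh
# Added example, not the original post's autossh.sh: a reverse-tunnel watchdog whose
# decision logic is a pure function, so it can be tested without a cloud server.
# Assumed placeholders (set them in the environment or edit the defaults):
#   CLOUD_HOST, CLOUD_USER, REMOTE_PORT, LOCAL_SSH_PORT, LOG_FILE.
# The probe assumes nc is installed on the cloud server.

CLOUD_HOST="${CLOUD_HOST:-cloud.example.invalid}"   # assumed: public IP or name of the cloud server
CLOUD_USER="${CLOUD_USER:-tunnel}"                  # assumed: an unprivileged tunnel account, not root
REMOTE_PORT="${REMOTE_PORT:-2110}"                  # port forwarded on the cloud server, as in the post
LOCAL_SSH_PORT="${LOCAL_SSH_PORT:-22}"              # sshd port of the intranet server
LOG_FILE="${LOG_FILE:-$(dirname "$0")/autossh.log}" # log next to the script, as the post does

# forward_spec: the -R argument. Binding to 127.0.0.1 on the cloud server keeps the
# intranet SSH port off the Internet even when sshd has GatewayPorts yes.
forward_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s' "$REMOTE_PORT" "$LOCAL_SSH_PORT"
}

# tunnel_action <pids> <probe_status>
#   start   : no tunnel process is running
#   restart : a process exists but the forwarded port does not answer
#   ok      : process present and port answering
tunnel_action() {
    if [ -z "$1" ]; then
        echo start
    elif [ "$2" -ne 0 ]; then
        echo restart
    else
        echo ok
    fi
}

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$LOG_FILE"
}

# start_tunnel: ExitOnForwardFailure turns a refused -R into a non-zero exit instead of
# an idle session; ServerAlive* tears the session down after 3 missed keep-alives, so a
# dead tunnel does not linger as a process that looks healthy.
start_tunnel() {
    ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$(forward_spec)" "$CLOUD_USER@$CLOUD_HOST"
}

# probe_tunnel: ask the cloud server whether its loopback listener accepts connections
# (a check from outside cannot see a 127.0.0.1-bound port).
probe_tunnel() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$CLOUD_USER@$CLOUD_HOST" \
        "nc -z -w 3 127.0.0.1 $REMOTE_PORT" > /dev/null 2>&1
}

run_watchdog() {
    pids=$(pgrep -f -- "-R $(forward_spec)" || true)
    status=1
    if [ -n "$pids" ]; then
        probe_tunnel && status=0
    fi
    case "$(tunnel_action "$pids" "$status")" in
        start)   start_tunnel && log "started tunnel on $REMOTE_PORT" ;;
        restart) kill $pids 2>/dev/null   # unquoted on purpose: one pid per word
                 start_tunnel && log "restarted tunnel on $REMOTE_PORT" ;;
        ok)      ;;
    esac
}

# Invoked from cron as "autossh.sh --run"; loading the file without --run runs nothing.
if [ "${1:-}" = "--run" ]; then
    run_watchdog
fi
```

The cron line becomes `*/1 * * * * root [monitoring script directory]/autossh.sh --run`, and the intranet server is then reached with `ssh -J tunnel@[cloud server public IP] -p 2110 [intranet username]@127.0.0.1`, which authenticates to the cloud server first and only then hops to the loopback listener.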

At this point the entire setup is complete, and the server can be accessed from the Internet.