一、搭建SSH反向代理

准备：

局域网主机(虚拟主机)： 192.168.6.233   CentOS 6.7

阿里云服务器：120.25.68.60   CentOS 6.7

1. 阿里云服务器120.25.68.60上需要修改sshd_config配置文件：

[root@120.25.68.60 ~]# vi /etc/ssh/sshd_configGatewayPorts yes[root@120.25.68.60 ~]# service sshd reloadReloading sshd: [  OK  ]

2. 通过局域网虚拟机192.168.6.233 连接到120.25.68.60开启反向端口代理，输入阿里云服务器密码.

root@192.168.6.233:~ # ssh -CqTfnN -R 0.0.0.0:7233:192.168.6.233:22 root@120.25.68.60root@120.25.68.60's password:

3.在阿里云服务器120.25.68.60上可以看到这个监听.

[root@120.25.68.60 ~]# netstat -anp | grep7233tcp        000.0.0.0:72330.0.0.0:*                   LISTEN      2392/sshd  tcp        00 :::7233                     :::*                        LISTEN      2392/sshd

4.现在到其他客户机上连接阿里云服务器120.25.68.60的7233端口,输入局域网虚拟主机192.168.6.233的主机密码.

[root@192.168.4.194 ~]# ssh -p 7233 root@120.25.68.60root@120.25.68.60's password:Last login: Thu Mar 2411:01:152016 from 192.168.6.233[root@phpdragon_233 ~]# ifconfigeth0      Link encap:Ethernet  HWaddr 00:50:56:34:8B:4D          inet addr:192.168.6.233  Bcast:192.168.6.255  Mask:255.255.255.0          inet6 addr: fe80::250:56ff:fe34:8b4d/64 Scope:Link          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:1321125 errors:0 dropped:0 overruns:0 frame:0          TX packets:1232406 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000          RX bytes:450626290 (429.7 MiB)  TX bytes:273698355 (261.0 MiB)lo        Link encap:Local Loopback          inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host          UP LOOPBACK RUNNING  MTU:65536  Metric:1          RX packets:524375 errors:0 dropped:0 overruns:0 frame:0          TX packets:524375 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0          RX bytes:43705227 (41.6 MiB)  TX bytes:43705227 (41.6 MiB)

到这里反向代理的测试完成，功能OK.

二、反向代理无人值守化

1.设置局域网主机192.168.6.233免密码登录到阿里云120.25.68.60. 参见 http://www.cnblogs.com/phpdragon/p/4521116.html

ssh-keygen -t rsa -P ''scp ~/.ssh/id_rsa.pub root@120.25.68.60:/tmp/id_rsa.pub_233ssh -l root 120.25.68.60cat /tmp/id_rsa.pub_233 >> ~/.ssh/authorized_keys

2.阿里云服务器编写ssh代理关闭脚本 kill_ssh_agent.sh

#!/bin/shif [ -n "$1" ] && [ "$1" -gt "0" ];then    PID=$(netstat -anp | grep $1 | awk'/sshd/ && !/awk/{print $7}')    PID=${PID%%/*}    if [ -n "${PID}" ];then        kill -9 $PID && exit 0    fifiexit 1

3.客户端编写代理链接守护脚本 ssh_agent_deamon.sh

########################################################################## File Name: ssh_agent_deamon.sh# Author: phpdragon# mail: phpdragon@qq.com# Created Time: Thu 24 Mar 201601:55:49 PM CST##########################################################################!/bin/bashROMOTE_USERNAME=rootROMOTE_SERVER_IP="120.25.68.60"ROMOTE_PORT=7233 ###[ /sbin/ifconfig|sed -n '/inet addr/s/^[^:]*:\([0-9.]\{7,15\}\) .*/\1/p'|grep -v 127.0.0.1 ]LOCALHOST_IP=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk'{print $2}'|tr -d "addr:"`LOCALHOST_PORT=22whiletrue ;do    PID=$(ssh -l root ${ROMOTE_SERVER_IP}  netstat -anp | grep ${ROMOTE_PORT} | awk'/sshd/ && !/awk/{print $7}')    PID=${PID%%/*}    if [ -n "$PID" ] && [ "$PID" -gt "0" ];then        sleep 30s    else        /usr/bin/ssh -l root ${ROMOTE_SERVER_IP} /bin/sh /data/kill_ssh_agent.sh ${ROMOTE_PORT}        /usr/bin/ssh -CqTfnN -R 0.0.0.0:${ROMOTE_PORT}:${LOCALHOST_IP}:${LOCALHOST_PORT} ${ROMOTE_USERNAME}@${ROMOTE_SERVER_IP}    fidoneexit 0

4.设置ssh连接为长连接

vi /etc/ssh/sshd_config#每1分钟发送一个心跳信号给客户端ClientAliveInterval 60#最大超时次数,客户端不响应则关闭连接ClientAliveCountMax 3

5.设置为随机启动

vi /etc/rc.local/bin/sh /data/ssh_agent_deamon.sh &

到此设置完毕。