SSH server does not allow tunneling

I am writing to figure out why the SSH server on one of my boxes does not allow tunneling. Here is the sshd_config, which looks completely fine to me.

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

PermitTunnel yes
PermitOpen localhost:324
GatewayPorts yes
AllowTcpForwarding yes

When running the command netstat -lptu, my port is not shown as listening. What am I doing wrong?

Answer 1

Sorry, I drew the wrong conclusion in another answer.

Here is a question about PuTTY's local, remote and dynamic options:

https://serverfault.com/questions/272754/what-is-the-difference-between-local-remote-dynamic-ssh-tunneling

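Dynamic means opening a local port and acting as a SOCKS proxy for all kinds of connections to any port via the remote host.

If you want to open a port on the remote host to forward things through the client, you need to use the remote option with an appropriate destination.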

Answer 2

You are trying to open a port below 1024 as a non-root user. If you log in to the SSH session as root, I would expect it to work.
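
An added example, not part of either answer or of the question: a simplified Python model of the server-side checks the two answers point to, run against the forwarding directives from the posted sshd_config. The function names, the sample requests and the PermitOpen matching rules (exact match, `any`, `none`, `host:*`) are assumptions for illustration, not sshd's own implementation.

```python
# Added example: simplified model of sshd's forwarding checks (not sshd's own code).
SAMPLE_CONFIG = """\
# constructed excerpt: the forwarding directives from the question's sshd_config
PermitTunnel yes
PermitOpen localhost:324
GatewayPorts yes
AllowTcpForwarding yes
"""

def parse(config_text):
    """Return {keyword: [args]}; as in sshd, the first occurrence of a keyword wins."""
    opts = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key.lower(), args)
    return opts

def check_forward(opts, kind, port, dest=None, is_root=False):
    """kind: 'local' (-L), 'dynamic' (-D) or 'remote' (-R).
    port: listening port (on the client for local/dynamic, on the server for remote).
    dest: 'host:port' the server is asked to connect to (local/dynamic only).
    Returns (allowed, reason)."""
    allow = opts.get("allowtcpforwarding", ["yes"])[0].lower()
    side = "remote" if kind == "remote" else "local"
    if allow not in ("yes", "all", side):
        return False, f"AllowTcpForwarding {allow} blocks {side} forwarding"
    if kind == "remote":
        # The listener is created on the server, under the logged-in user's uid.
        if 0 < port < 1024 and not is_root:
            return False, f"port {port} is privileged; only root may bind it"
        return True, "server will listen on the requested port"
    # local/dynamic: the listener lives on the client, not on the server;
    # the server only checks the destination it is asked to connect to.
    permitted = [p.lower() for p in opts.get("permitopen", ["any"])]
    if "none" in permitted:
        return False, "PermitOpen none"
    host, _, dport = dest.lower().rpartition(":")
    if "any" in permitted or f"{host}:{dport}" in permitted or f"{host}:*" in permitted:
        return True, "destination permitted"
    return False, f"{dest} is not listed in PermitOpen"

if __name__ == "__main__":
    opts = parse(SAMPLE_CONFIG)
    print(check_forward(opts, "remote", 324))                     # non-root, port < 1024
    print(check_forward(opts, "dynamic", 1080, "example.org:80")) # PermitOpen restricts -D
```
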