我有多台机器打开到我的服务器的反向 ssh 连接。每台机器都使用不同的反向 ssh 端口,我用它来区分机器。我使用这些隧道从服务器登录到机器(显然):
me@server:~$ ssh -p 2219 root@localhost
Last login: Sun Jun 7 00:18:44 2015 from localhost
root@remote_machine:~#
远程机器使用完全不同的访问技术(DSL、VSAT、GPRS/EDGE/3G/4G),因此反向 ssh 连接的耐用性有所不同 - 这显然就是问题所在。
这是nmap较长空闲期后列出的内容(即没有强制重新启动 ssh 隧道,请参见下文):
me@server:~$ sudo nmap -sS -p 1000-3000 --open localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2015-06-07 11:09 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 1988 closed ports
PORT STATE SERVICE
1133/tcp open unknown
1270/tcp open ssserver
1356/tcp open cuillamartin
1590/tcp open unknown
1760/tcp open unknown
1772/tcp open unknown
1823/tcp open unknown
1825/tcp open unknown
1842/tcp open unknown
1907/tcp open unknown
2078/tcp open unknown
2168/tcp open unknown
2185/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
me@server:~$
现在,连接太少了,所以让我们将它们全部杀死并等待外部连接回来:
me@server:~$ for i in $(ps axww|grep ssh_key_used_for_reverse_connctions|grep sshd|sed -e 's/^[ \t]*//'|cut -d " " -f 1); do sudo kill -9 $i; done
me@server:~$
好的,所有连接都消失了:
Starting Nmap 5.21 ( http://nmap.org ) at 2015-06-07 11:13 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
All 2002 scanned ports on localhost (127.0.0.1) are closed
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
让我们等待(远程计算机每 30 秒尝试建立一个新连接),看看现在会发生什么:
me@server:~$ sudo nmap -sS -p 1000-3000 --open localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2015-06-07 11:14 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000015s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 1950 closed ports
PORT STATE SERVICE
1125/tcp open unknown
1129/tcp open unknown
1133/tcp open unknown
1155/tcp open unknown
1156/tcp open unknown
1157/tcp open unknown
1162/tcp open unknown
1176/tcp open unknown
1185/tcp open unknown
1198/tcp open unknown
1215/tcp open unknown
1269/tcp open unknown
1270/tcp open ssserver
1343/tcp open unknown
1345/tcp open unknown
1351/tcp open equationbuilder
1356/tcp open cuillamartin
1420/tcp open timbuktu-srv4
1432/tcp open blueberry-lm
1541/tcp open rds2
1590/tcp open unknown
1698/tcp open unknown
1743/tcp open unknown
1760/tcp open unknown
1772/tcp open unknown
1773/tcp open unknown
1812/tcp open unknown
1823/tcp open unknown
1825/tcp open unknown
1842/tcp open unknown
1859/tcp open unknown
1900/tcp open upnp
1907/tcp open unknown
2002/tcp open globe
2030/tcp open device2
2031/tcp open unknown
2032/tcp open unknown
2033/tcp open glogger
2035/tcp open imsldoc
2058/tcp open unknown
2078/tcp open unknown
2093/tcp open unknown
2159/tcp open unknown
2168/tcp open unknown
2169/tcp open unknown
2180/tcp open unknown
2185/tcp open unknown
2186/tcp open unknown
2219/tcp open unknown
2221/tcp open unknown
2228/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
me@server:~$
啊,好多了。
现在,我的问题是:即使在第一个场景中几乎没有开放连接,也ps axww|grep ssh_key_used_for_remote_connections|grep sshd|sed -e 's/^[ \t]*//'显示很多更多 ssh 连接实际上是打开的,因此连接似乎在后台默默地消失了在远程机器没有注意到的情况下。
A. 有没有更好的方法来实现反向 ssh 连接,例如我可能错过的任何 ssh 选项可以使远程计算机更好地注意到死连接/卡住连接?这是在远程计算机上运行以打开反向 ssh 隧道的脚本:
#!/bin/bash
while true
do
ssh -i /some/dir/reverse-ssh.key -o TCPKeepAlive=yes -o ServerAliveInterval=5 -o ServerAliveCountMax=3 -nNTv -R $(grep -o "[0-9][0-9][0-9][0-9]" /some/dir/id):localhost:22 [email protected]
sleep 30
done
所以我已经使用了-o TCPKeepAlive=yes -o ServerAliveInterval=5 -o ServerAliveCountMax=3。/some/dir/id保存一个四位数字,每台机器都将其用作反向 ssh 端口,从服务器的角度来看是反向 ssh 端口。
B、有没有更好的方法kill 仅有的反向连接无响应,保持所有“工作”连接完好无损?现在我把他们都杀了,但这看起来很粗鲁而且错误。ps不会让我看到端口 id,我需要以某种方式在我的服务器上建立反向 ssh 端口和 ssh PID 的连接。
我已经调查过了,autossh但这似乎重新做了我的脚本所做的事情(?)。
mosh这是不可能的,因为它使用 UDP 连接(通常根本无法通过)和 60000 以上的随机端口(也无法通过)。
答案1
这将向您展示使用隧道的过程:
netstat -tnp | grep :2219 | awk '{print $NF}'
我无法重现你的死连接,但这应该可以
for i in $(seq 2000 2030) do
if !nmap -p $i localhost
netstat -tnp | grep 2222 | grep '/ssh *$' | awk '{print $NF}' | sed -e 's#/ssh##' | xargs kill
fi
end
答案2
也许如果您更改客户端脚本以通过比较hostname本地命令与远程隧道hostname(相同的组件)来手动检查反向隧道状态:
#!/bin/bash
tunport=$(grep -o "[0-9][0-9][0-9][0-9]" /some/dir/id)
while true; do # -f (detached, foreground)
ssh -i /some/dir/reverse-ssh.key -fnNT -R $tunport:localhost:22 [email protected]
while true; do
if [ "$(hostname)" = "$(ssh -p $tunport rsuname@$srvip hostname)" ]; then
sleep 30
else # kill local and remote process
pkill -f "ssh .* -R $tunport:localhost"
ssh [email protected] "lsof -ti tcp:$tunport | xargs -r kill"
break # to tunnel re-init
fi
done
done
看起来像防弹解决方案,答案A和B,并且消除了对tcpkeepalive、客户端/服务器aliveInterval/countMax选项和管理干预的需要。