(1) For remote forwarding:
-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by
allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the
secure channel, and a connection is made to host port hostport from the local machine.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the
remote machine. IPv6 addresses can be specified by enclosing the address in square brackets.
By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a
bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a
remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).
If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the client at run time. When used
together with -O forward the allocated port will be printed to the standard output.
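hostport specifies the connection endpoint of the destination process running on the destination host.
Is port a connection endpoint
- in the SSH server process, or
- in a process that runs on the same source host as the SSH server and wants to use the SSH tunnel by attaching itself to port?
(My guess is the latter)
(2) For local forwarding: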
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by
allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to
this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port
forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets.
Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However,
an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening
port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
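hostport specifies the connection endpoint of the destination process running on the destination host.
Is port a connection endpoint
- in the SSH client process, or
- in a process that runs on the same source host as the SSH client and wants to use the SSH tunnel by attaching itself to port?
(My guess is the latter)
(3) For SOCKS proxy: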
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally
bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel,
and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols
are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in
the configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default,
the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to
a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or
‘*’ indicates that the port should be available from all interfaces.
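Is port a connection endpoint
- in the SSH client process,
- in the SSH SOCKS server, or
- in a process that runs on the same host as the SSH client and wants to use the SOCKS server by connecting to port?
(My guess is the second. I think it is not the first, because the SSH client has its own default port. I am not sure about the third)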
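Answer 1
These sketches should help you answer all of your questions: https://unix.stackexchange.com/a/118650/121504
But to answer your questions explicitly:
For remote forwarding: port is a connection endpoint in the SSH server.
For local forwarding: port is a connection endpoint in the SSH client process.
For SOCKS proxy: port is a connection endpoint in the SSH client process.
But the more visual explanation really is in the sketches linked above. To summarize:
The first port (for the SOCKS proxy, the only one) is always the free port that you will connect to in the next step. The other port is the port where your existing service is running.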
Edit:
If I understand what the real question is, the easier way to find out is to use lsof. The port is 12345 in my example:
For remote forwarding:
[local ] $ ssh -R 12345:localhost:22 remote
[remote] $ lsof -P | grep 12345
sshd 27772 root 7u IPv6 1304283702 0t0 TCP localhost:12345 (LISTEN)
sshd 27772 root 8u IPv4 1304283703 0t0 TCP localhost.localdomain:12345 (LISTEN)
For local forwarding:
[local] $ ssh -L 12345:localhost:22 remote
[local] $ lsof -p $(pidof ssh) -P | grep 12345
ssh 6779 jakuje 4u IPv6 146565 0t0 TCP ip6-localhost:12345 (LISTEN)
ssh 6779 jakuje 5u IPv4 146566 0t0 TCP localhost:12345 (LISTEN)
For dynamic port forwarding:
[local] $ ssh -D 12345 [email protected]
[local] $ lsof -p $(pidof ssh) -P | grep 12345
ssh 11388 jakuje 4u IPv6 173537 0t0 TCP ip6-localhost:12345 (LISTEN)
ssh 11388 jakuje 5u IPv4 173538 0t0 TCP localhost:12345 (LISTEN)
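
Added example, not part of the original answer: a shell function that reads `lsof -P` output like the listings above and reports, for a given port, which process owns each listening socket and whether it is bound to loopback only. A wildcard bind on an sshd-owned listener is the GatewayPorts case described in the quoted man page text. The function names and the last three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the first two lines mirror the lsof output in the answer;
# the remaining three are constructed (wildcard bind, other port, non-LISTEN).
sample_lsof() {
    cat <<'EOF'
sshd 27772 root 7u IPv6 1304283702 0t0 TCP localhost:12345 (LISTEN)
ssh 6779 jakuje 5u IPv4 146566 0t0 TCP localhost:12345 (LISTEN)
sshd 30001 root 9u IPv4 1304290000 0t0 TCP *:12345 (LISTEN)
sshd 900 root 3u IPv4 1000 0t0 TCP *:22 (LISTEN)
ssh 6779 jakuje 3u IPv4 146560 0t0 TCP 192.0.2.10:51234->192.0.2.20:22 (ESTABLISHED)
EOF
}

# classify_listeners PORT
# Reads `lsof -P` lines on stdin; for every LISTEN socket on PORT prints:
#   command pid user bind-address scope side
# scope: loopback | exposed
# side:  server(-R) when sshd owns the socket, client(-L/-D) when ssh does
classify_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF-1)                      # e.g. localhost:12345, *:12345
            n = split(name, parts, ":")
            if (parts[n] != port) next          # listener on a different port
            addr = substr(name, 1, length(name) - length(port) - 1)
            scope = "exposed"
            if (addr ~ /^(localhost|ip6-localhost|localhost\.localdomain|127\.[0-9.]+|\[::1\])$/)
                scope = "loopback"
            side = ($1 == "sshd") ? "server(-R)" : (($1 == "ssh") ? "client(-L/-D)" : "other")
            print $1, $2, $3, addr, scope, side
        }'
}

# exposed_listeners PORT: only the listeners reachable beyond loopback.
exposed_listeners() {
    classify_listeners "$1" | awk '$5 == "exposed"'
}

# Stand-alone run on the constructed sample.
sample_lsof | classify_listeners 12345
```

On a live host, pipe `lsof -P -iTCP -sTCP:LISTEN` into `classify_listeners` instead of the sample.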