document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-13 22:30:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19058 from lujun9972/add-MjAyMDA3MTcgSG93IHRvIGNvbmZpZ3VyZSBhbiBTU0ggcHJveHkgc2VydmVyIHdpdGggU3F1aWQubWQK

Browse Source 
自动选题[tech]: 20200717 How to configure an SSH proxy server with Squid
This commit is contained in:
Xingyu.Wang 2020-07-19 08:58:21 +08:00 committed by GitHub
commit 66b2464888
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
sources/tech/20200717 How to configure an SSH proxy server with Squid.md Normal file
View File

@ -0,0 +1,115 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to configure an SSH proxy server with Squid)
[#]: via: (https://fedoramagazine.org/configure-ssh-proxy-server/)
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
How to configure an SSH proxy server with Squid
======
![][1]
Sometimes you cant connect to an SSH server from your current location. Other times, you may want to add an extra layer of security to your SSH connection. In these cases connecting to another SSH server via a proxy server is one way to get through.
[Squid][2] is a full-featured proxy server application that provides caching and proxy services. Its normally used to help improve response times and reduce network bandwidth by reusing and caching previously requested web pages during browsing.
However for this setup youll configure Squid to be used as an SSH proxy server since its a robust trusted proxy server that is easy to configure.
### Installation and configuration
Install the squid package using [sudo][3]:
```
$ sudo dnf install squid -y
```
The squid configuration file is quite extensive but there are only a few things we need to configure. Squid uses access control lists to manage connections.
Edit the _/etc/squid/squid.conf_ file to make sure you have the two lines explained below.
First, specify your local IP network. The default configuration file already has a list of the most common ones but you will need to add yours if its not there. For example, if your local IP network range is 192.168.1.X, this is how the line would look:
```
acl localnet src 192.168.1.0/24
```
Next, add the SSH port as a safe port by adding the following line:
```
acl Safe_ports port 22
```
Save that file. Now enable and restart the squid proxy service:
```
$ sudo systemctl enable squid
$ sudo systemctl restart squid
```
4.) By default squid proxy listens on port 3128. Configure firewalld to allow for this:
```
$ sudo firewall-cmd --add-service=squid --perm
$ sudo firewall-cmd --reload
```
### Testing the ssh proxy connection
To connect to a server via ssh through a proxy server well be using netcat.
Install _nmap-ncat_ if its not already installed:
```
$ sudo dnf install nmap-ncat -y
```
Here is an example of a standard ssh connection:
```
$ ssh user@example.com
```
Here is how you would connect to that same server using the squid proxy server as a gateway.
This example assumes the squid proxy servers IP address is 192.168.1.63. You can also use the host-name or the FQDN of the squid proxy server:
```
$ ssh user@example.com -o "ProxyCommand nc --proxy 192.168.1.63:3128 %h %p"
```
Here are the meanings of the options:
* _ProxyCommand_ Tells ssh a proxy command is going to be used.
* _nc_ The command used to establish the connection to the proxy server. This is the netcat command.
* ***%***_h_ The placeholder for the proxy servers host-name or IP address.
* ***%***_p_ ****** The placeholder for the proxy servers port number.
There are many ways to configure an SSH proxy server but this is a simple way to get started.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/configure-ssh-proxy-server/
作者:[Curt Warfield][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/07/squid_ssh_proxy-816x345.png
[2]: http://www.squid-cache.org/
[3]: https://fedoramagazine.org/howto-use-sudo/