mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
commit
9bb72e96df
@ -1,115 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to configure an SSH proxy server with Squid)
|
||||
[#]: via: (https://fedoramagazine.org/configure-ssh-proxy-server/)
|
||||
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
|
||||
|
||||
How to configure an SSH proxy server with Squid
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Sometimes you can’t connect to an SSH server from your current location. Other times, you may want to add an extra layer of security to your SSH connection. In these cases connecting to another SSH server via a proxy server is one way to get through.
|
||||
|
||||
[Squid][2] is a full-featured proxy server application that provides caching and proxy services. It’s normally used to help improve response times and reduce network bandwidth by reusing and caching previously requested web pages during browsing.
|
||||
|
||||
However for this setup you’ll configure Squid to be used as an SSH proxy server since it’s a robust trusted proxy server that is easy to configure.
|
||||
|
||||
### Installation and configuration
|
||||
|
||||
Install the squid package using [sudo][3]:
|
||||
|
||||
```
|
||||
$ sudo dnf install squid -y
|
||||
```
|
||||
|
||||
The squid configuration file is quite extensive but there are only a few things we need to configure. Squid uses access control lists to manage connections.
|
||||
|
||||
Edit the _/etc/squid/squid.conf_ file to make sure you have the two lines explained below.
|
||||
|
||||
First, specify your local IP network. The default configuration file already has a list of the most common ones but you will need to add yours if it’s not there. For example, if your local IP network range is 192.168.1.X, this is how the line would look:
|
||||
|
||||
```
|
||||
acl localnet src 192.168.1.0/24
|
||||
```
|
||||
|
||||
Next, add the SSH port as a safe port by adding the following line:
|
||||
|
||||
```
|
||||
acl Safe_ports port 22
|
||||
```
|
||||
|
||||
Save that file. Now enable and restart the squid proxy service:
|
||||
|
||||
```
|
||||
$ sudo systemctl enable squid
|
||||
$ sudo systemctl restart squid
|
||||
```
|
||||
|
||||
4.) By default squid proxy listens on port 3128. Configure firewalld to allow for this:
|
||||
|
||||
```
|
||||
$ sudo firewall-cmd --add-service=squid --perm
|
||||
$ sudo firewall-cmd --reload
|
||||
```
|
||||
|
||||
### Testing the ssh proxy connection
|
||||
|
||||
To connect to a server via ssh through a proxy server we’ll be using netcat.
|
||||
|
||||
Install _nmap-ncat_ if it’s not already installed:
|
||||
|
||||
```
|
||||
$ sudo dnf install nmap-ncat -y
|
||||
```
|
||||
|
||||
Here is an example of a standard ssh connection:
|
||||
|
||||
```
|
||||
$ ssh user@example.com
|
||||
```
|
||||
|
||||
Here is how you would connect to that same server using the squid proxy server as a gateway.
|
||||
|
||||
This example assumes the squid proxy server’s IP address is 192.168.1.63. You can also use the host-name or the FQDN of the squid proxy server:
|
||||
|
||||
```
|
||||
$ ssh user@example.com -o "ProxyCommand nc --proxy 192.168.1.63:3128 %h %p"
|
||||
```
|
||||
|
||||
Here are the meanings of the options:
|
||||
|
||||
* _ProxyCommand_ – Tells ssh a proxy command is going to be used.
|
||||
|
||||
|
||||
* _nc_ – The command used to establish the connection to the proxy server. This is the netcat command.
|
||||
|
||||
|
||||
* ***%***_h_ – The placeholder for the proxy server’s host-name or IP address.
|
||||
|
||||
|
||||
* ***%***_p_ ******– The placeholder for the proxy server’s port number.
|
||||
|
||||
|
||||
|
||||
There are many ways to configure an SSH proxy server but this is a simple way to get started.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/configure-ssh-proxy-server/
|
||||
|
||||
作者:[Curt Warfield][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2020/07/squid_ssh_proxy-816x345.png
|
||||
[2]: http://www.squid-cache.org/
|
||||
[3]: https://fedoramagazine.org/howto-use-sudo/
|
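Review bot: the last two bullets of the removed source ("The placeholder for the proxy server's host-name or IP address" and "The placeholder for the proxy server's port number") do not match the command shown just above them. In `ssh user@example.com -o "ProxyCommand nc --proxy 192.168.1.63:3128 %h %p"` the proxy is already given literally as 192.168.1.63:3128, and ssh expands %h and %p to the destination host and port from the command line, here example.com and its SSH port. Since this hunk deletes the only English copy in the tree, report the correction at the `via:` URL and carry it into the translated file rather than letting it disappear with the source.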
@ -0,0 +1,115 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to configure an SSH proxy server with Squid)
|
||||
[#]: via: (https://fedoramagazine.org/configure-ssh-proxy-server/)
|
||||
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
|
||||
|
||||
如何使用 Squid 配置 SSH 代理服务器
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
有时你无法从本地连接到 SSH 服务器。还有时,你可能想为 SSH 连接添加额外的安全层。在这些情况下,通过代理服务器连接到另一台 SSH 服务器是一种解决方式。
|
||||
|
||||
[Squid][2] 是提供缓存和代理服务的全功能代理服务器应用。通常通过在浏览过程中重用和缓存以前请求的网页来帮助缩短响应时间并减少网络带宽。
|
||||
|
||||
但是在本篇中,你将配置 Squid 作为 SSH 代理服务器,因为它是易于配置的强大的受信任代理服务器。
|
||||
|
||||
### 安装和配置
|
||||
|
||||
使用 [sudo][3] 安装 squid 软件包:
|
||||
|
||||
```
|
||||
$ sudo dnf install squid -y
|
||||
```
|
||||
|
||||
squid 配置文件非常广泛,但是我们只需要配置其中一些。Squid 使用访问控制列表来管理连接。
|
||||
|
||||
编辑 _/etc/squid/squid.conf_ 文件,确保你有下面解释的两行。
|
||||
|
||||
首先,指定你的本地 IP 网络。默认配置文件已经列出了最常用的,但是如果没有,你需要添加你的配置。例如,如果你的本地 IP 网络范围是 192.168.1.X,那么这行会是这样:
|
||||
|
||||
```
|
||||
acl localnet src 192.168.1.0/24
|
||||
```
|
||||
|
||||
接下来,添加以下行,将 SSH 端口添加为安全端口:
|
||||
|
||||
```
|
||||
acl Safe_ports port 22
|
||||
```
|
||||
|
||||
保存该文件。现在启用并重启 squid 代理服务:
|
||||
|
||||
```
|
||||
$ sudo systemctl enable squid
|
||||
$ sudo systemctl restart squid
|
||||
```
|
||||
|
||||
squid 代理默认监听 3128 端口。配置 firewalld 允许此服务:
|
||||
|
||||
```
|
||||
$ sudo firewall-cmd --add-service=squid --perm
|
||||
$ sudo firewall-cmd --reload
|
||||
```
|
||||
|
||||
### 测试 ssh 代理连接
|
||||
|
||||
要通过 ssh 代理服务器连接到服务器,我们将使用 netcat。
|
||||
|
||||
如果尚未安装 _nmap-ncat_,请安装它:
|
||||
|
||||
```
|
||||
$ sudo dnf install nmap-ncat -y
|
||||
```
|
||||
|
||||
这是标准 ssh 连接示例:
|
||||
|
||||
```
|
||||
$ ssh user@example.com
|
||||
```
|
||||
|
||||
这是使用 squid 代理服务器作为网关连接到该服务器的方式。
|
||||
|
||||
此示例假定 squid 代理服务器的 IP 地址为 192.168.1.63。你还可以使用 squid 代理服务器的主机名或 FQDN:
|
||||
|
||||
```
|
||||
$ ssh user@example.com -o "ProxyCommand nc --proxy 192.168.1.63:3128 %h %p"
|
||||
```
|
||||
|
||||
以下是这些选项的含义:
|
||||
|
||||
* _ProxyCommand_ – 告诉 ssh 使用代理命令。
|
||||
|
||||
|
||||
* _nc_ – 用于建立与代理服务器连接的命令。这是 netcat 命令。
|
||||
|
||||
|
||||
* **%**_h_ – 代理服务器的主机名或 IP 地址的占位符。
|
||||
|
||||
|
||||
* **%**_p_ – 代理服务器端口号的占位符。
|
||||
|
||||
|
||||
|
||||
有很多方法可以配置 SSH 代理服务器,但这是入门的简单方法。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/configure-ssh-proxy-server/
|
||||
|
||||
作者:[Curt Warfield][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2020/07/squid_ssh_proxy-816x345.png
|
||||
[2]: http://www.squid-cache.org/
|
||||
[3]: https://fedoramagazine.org/howto-use-sudo/
|
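Review bot: three phrases in the added translation shift the meaning of the source and should be reworded. In the opening paragraph, "从本地" renders "from your current location" as "locally"; "从当前所在位置" is closer. In the configuration section, "squid 配置文件非常广泛" reads as "wide-ranging" where the source says the file is extensive; "内容很多" fits better. In the Squid description, "减少网络带宽" needs "占用" to mean reduced bandwidth usage. Separately, the two bullets "代理服务器的主机名或 IP 地址的占位符" and "代理服务器端口号的占位符" follow the source faithfully, but in the command above them the proxy address is the literal 192.168.1.63:3128 and %h %p stand for the SSH destination, so a short 译注 on those two bullets would keep readers from being misled.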