创建具有处理远程转发能力的节点 SSH2 服务器
Create a Node SSH2 Server with ability to treat Remote Forwarding
在研究了 staskoverflow、Google 和官方 Node SSH2 repository 之后,我仍然无法创建一个支持远程端口转发的 Node SSH2 服务器...
实际上,我可以使用远程服务器上的标准 SSH 守护程序和客户端上的此命令来做我想做的事情:
ssh -R 8100:localsite.tld:80 sub.distantserver.com
来自 sub.distantserver.com:8100 的所有流量都重定向到 localsite.tld:80。 (端口 22,传统 SSH 守护进程)。
我唯一的目标是通过端口 21 上的节点 SSH2 服务器实现此目的:
ssh -R 8100:localsite.tld:80 foo@sub.distantserver.com -p 21
password: bar
当它起作用时,我可以对用户进行一些检查并启动一些其他进程 ;)
基于官方 Github 问题示例,我尝试了这样的事情,就像 POC 一样捕获流,但它在不存在的 forwardIn
上失败。
var fs = require('fs');
var crypto = require('crypto');
var inspect = require('util').inspect;
var buffersEqual = require('buffer-equal-constant-time');
var ssh2 = require('ssh2');
var utils = ssh2.utils;
new ssh2.Server({
hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, function(client) {
console.log('Client connected!');
client.on('authentication', function(ctx) {
if (ctx.method === 'password'
&& ctx.username === 'foo'
&& ctx.password === 'bar')
ctx.accept();
else
ctx.reject();
}).on('ready', function() {
console.log('Client authenticated!');
client.on('session', function(accept, reject) {
var session = accept();
session.once('exec', function(accept, reject, info) {
console.log('Client wants to execute: ' + inspect(info.command));
var stream = accept();
stream.stderr.write('Oh no, the dreaded errors!\n');
stream.write('Just kidding about the errors!\n');
stream.exit(0);
stream.end();
});
});
client.on('request', function(accept, reject, name, info) {
console.log(info);
if (name === 'tcpip-forward') {
accept();
setTimeout(function() {
console.log('Sending incoming tcpip forward');
client.forwardIn(info.bindAddr,
info.bindPort,
function(err, stream) {
if (err)
return;
stream.end('hello world\n');
});
}, 1000);
} else {
reject();
}
});
});
}).listen(21, '0.0.0.0', function() {
console.log('Listening on port ' + this.address().port);
});
有人知道如何实现简单的常规 SSH 转发服务器端吗?
谢谢!
在作者的帮助下找到了解决方案:
Official Github solution on issue
let fs = require('fs'),
inspect = require('util').inspect,
ssh2 = require('ssh2'),
net = require('net');
new ssh2.Server({
hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, client => {
console.log('Client connected!');
client
.on('authentication', ctx => {
if (
ctx.method === 'password'
&& ctx.username === 'foo'
&& ctx.password === 'bar'
) {
ctx.accept();
} else {
ctx.reject();
}
})
.on('ready', () => {
console.log('Client authenticated!');
client
.on('session', (accept, reject) => {
let session = accept();
session.on('shell', function(accept, reject) {
let stream = accept();
});
})
.on('request', (accept, reject, name, info) => {
if (name === 'tcpip-forward') {
accept();
net.createServer(function(socket) {
socket.setEncoding('utf8');
client.forwardOut(
info.bindAddr, info.bindPort,
socket.remoteAddress, socket.remotePort,
(err, upstream) => {
if (err) {
socket.end();
return console.error('not working: ' + err);
}
upstream.pipe(socket).pipe(upstream);
});
}).listen(info.bindPort);
} else {
reject();
}
});
});
}).listen(21, '0.0.0.0', function() {
console.log('Listening on port ' + server.address().port);
});
在研究了 staskoverflow、Google 和官方 Node SSH2 repository 之后,我仍然无法创建一个支持远程端口转发的 Node SSH2 服务器...
实际上,我可以使用远程服务器上的标准 SSH 守护程序和客户端上的此命令来做我想做的事情:
ssh -R 8100:localsite.tld:80 sub.distantserver.com
来自 sub.distantserver.com:8100 的所有流量都重定向到 localsite.tld:80。 (端口 22,传统 SSH 守护进程)。
我唯一的目标是通过端口 21 上的节点 SSH2 服务器实现此目的:
ssh -R 8100:localsite.tld:80 foo@sub.distantserver.com -p 21
password: bar
当它起作用时,我可以对用户进行一些检查并启动一些其他进程 ;)
基于官方 Github 问题示例,我尝试了这样的事情,就像 POC 一样捕获流,但它在不存在的 forwardIn
上失败。
var fs = require('fs');
var crypto = require('crypto');
var inspect = require('util').inspect;
var buffersEqual = require('buffer-equal-constant-time');
var ssh2 = require('ssh2');
var utils = ssh2.utils;
new ssh2.Server({
hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, function(client) {
console.log('Client connected!');
client.on('authentication', function(ctx) {
if (ctx.method === 'password'
&& ctx.username === 'foo'
&& ctx.password === 'bar')
ctx.accept();
else
ctx.reject();
}).on('ready', function() {
console.log('Client authenticated!');
client.on('session', function(accept, reject) {
var session = accept();
session.once('exec', function(accept, reject, info) {
console.log('Client wants to execute: ' + inspect(info.command));
var stream = accept();
stream.stderr.write('Oh no, the dreaded errors!\n');
stream.write('Just kidding about the errors!\n');
stream.exit(0);
stream.end();
});
});
client.on('request', function(accept, reject, name, info) {
console.log(info);
if (name === 'tcpip-forward') {
accept();
setTimeout(function() {
console.log('Sending incoming tcpip forward');
client.forwardIn(info.bindAddr,
info.bindPort,
function(err, stream) {
if (err)
return;
stream.end('hello world\n');
});
}, 1000);
} else {
reject();
}
});
});
}).listen(21, '0.0.0.0', function() {
console.log('Listening on port ' + this.address().port);
});
有人知道如何实现简单的常规 SSH 转发服务器端吗?
谢谢!
在作者的帮助下找到了解决方案: Official Github solution on issue
let fs = require('fs'),
inspect = require('util').inspect,
ssh2 = require('ssh2'),
net = require('net');
new ssh2.Server({
hostKeys: [fs.readFileSync('/etc/ssh/ssh_host_rsa_key')]
}, client => {
console.log('Client connected!');
client
.on('authentication', ctx => {
if (
ctx.method === 'password'
&& ctx.username === 'foo'
&& ctx.password === 'bar'
) {
ctx.accept();
} else {
ctx.reject();
}
})
.on('ready', () => {
console.log('Client authenticated!');
client
.on('session', (accept, reject) => {
let session = accept();
session.on('shell', function(accept, reject) {
let stream = accept();
});
})
.on('request', (accept, reject, name, info) => {
if (name === 'tcpip-forward') {
accept();
net.createServer(function(socket) {
socket.setEncoding('utf8');
client.forwardOut(
info.bindAddr, info.bindPort,
socket.remoteAddress, socket.remotePort,
(err, upstream) => {
if (err) {
socket.end();
return console.error('not working: ' + err);
}
upstream.pipe(socket).pipe(upstream);
});
}).listen(info.bindPort);
} else {
reject();
}
});
});
}).listen(21, '0.0.0.0', function() {
console.log('Listening on port ' + server.address().port);
});