Reverse SSH with golang

huangapple go评论94阅读模式
英文:

Reverse SSH with golang

问题

我有一台服务器和一台远程计算机。现在我想通过SSH访问远程计算机,但可能它在NAT后面。这就是我想要反向SSH连接的原因之一。

思路是从远程计算机到服务器建立连接,并使用该连接从服务器到远程计算机进行SSH通信。

使用OpenSSH很容易实现这一点。从远程计算机上打开反向SSH隧道:

ssh -R 19999:localhost:22 user@192.168.0.10

现在我可以在服务器端使用以下命令:

ssh localhost -p 19999

我想通过go应用程序和go SSH库在远程计算机上实现相同的行为。服务器仍然使用OpenSSH,因此不应进行更改。

我知道如何通过go连接到计算机的SSH,但如何实现反向部分呢?

func main() {
    config := &ssh.ClientConfig{
        User: "vagrant",
        Auth: []ssh.AuthMethod{
            ssh.Password("vagrant"),
        },
    }

    conn, err := ssh.Dial("tcp", "192.168.0.10:22", config)
    if err != nil {
        panic("Failed to dial: " + err.Error())
    }
}
英文:

I have a server and a remote computer. Now I want to access the remote computer via SSH but it is possible that it is behind a NAT. That's one of the reasons I want a reverse SSH connection.

The idea is to establish a connection from the remote computer to the server and use this connection to communicate via SSH from the server to the remote computer.

With OpenSSH this is quite easy. From the remote computer I open the reverse SSH tunnel:

ssh- R 19999:localhost:22 user@192.168.0.10

Now I can use this from the server side with:

ssh localhost -p 19999

I want to achieve the same behavior with a go application and the go SSH library on the remote computer. The server will still use OpenSSH so it should not be changed.

I know how to connect to a computer via SSH from go but how can the reverse part be achieved?

func main() {
    config := &ssh.ClientConfig{
	    User: "vagrant",
	    Auth: []ssh.AuthMethod{
		    ssh.Password("vagrant"),
	    },
    }

    conn, err := ssh.Dial("tcp", "192.168.0.10:22", config)
    if err != nil {
	    panic("Failed to dial: " + err.Error())
    }
}

答案1

得分: 3

我找到了一个解决方案。OpenSSH会返回一个终端会话或者一个命令的输出,如果你提供了相应的参数。此外,它还允许你通过开放的隧道对连接进行服务器到客户端的身份验证。

为了支持这种行为,我需要将打开连接的监听器提供给远程端的一个用Go实现的SSH服务器。比我想象的要复杂,但是它可以工作。

我在这里找到了一个可行的示例服务器链接。我只需要将示例代码中的监听器替换为客户端连接上的监听器即可。

英文:

I found a solution. OpenSSH returns a terminal session or the output of a command if you supply one. Furthermore it allows you to authenticate the connection from the server to the client over the open tunnel.

To support this behavior I needed to supply the listener of the open connection to a ssh server implementet in go on the remote side. More complicated then I thought but it works.

I got a working example server here. I just need to exchange the listener in the example code for a listener on the client connection.

答案2

得分: 2

你可以使用Client.Listen(或Client.ListenTCP)在服务器上设置转发端口。

然后,你可以像处理其他网络监听器一样接受来自返回的监听器的连接。

英文:

You use Client.Listen (or Client.ListenTCP) to setup the forwarding port on the server.

You can then accept connections from the returned listener just as you would any other network listener.

huangapple
  • 本文由 发表于 2015年10月9日 22:15:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/33040563.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定