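What it is for:
Machine A opens an SSH connection to machine B, which creates a tunnel. Through this tunnel, A can reach any port that B can reach (this is called local forwarding).
Or the reverse: through the tunnel, B can reach any port that A can reach (this is called remote forwarding).
How to do it:
1. Local forwarding:
Run this command on machine A: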
ssh -L [bind_address:]port:host:hostport userB@ipB
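Here bind_address can only be localhost or *; any other value is meaningless.
Now, in another shell on A, every connection to bind_address:port goes through machine B to host:hostport.
2. Remote forwarding:
Run this command on machine A: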
ssh -R [bind_address:]port:host:hostport userB@ipB
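Now, on B, every connection to bind_address:port goes through machine A to host:hostport.
Honestly, I feel man ssh explains this more clearly, but Baidu results keep repeating each other's mistakes, so I'm writing this post hoping someone will see it.
Appendix, from man ssh: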
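To check a forwarding spec before running it, the following added example (not part of the original post, and not OpenSSH code) parses [bind_address:]port:host:hostport and reports which machine listens, how widely the listening socket is exposed, and which machine opens the onward connection. The helper name describe_forward and the sample specs are assumptions made for illustration; per ssh(1), an empty bind_address or * means all interfaces, and a non-loopback bind for -R only takes effect if the server's GatewayPorts option allows it.

```shell
#!/bin/sh
# Added example: describe_forward is a hypothetical helper, not part of OpenSSH.
# A = machine where ssh is run (client), B = machine logged into (server).
# IPv6 literals in the spec are out of scope for this sketch.

describe_forward() (
    mode=$1
    set -f; IFS=:              # split on ':' and keep a '*' bind_address literal
    set -- $2
    unset IFS
    case $# in
        3) exposure=default; port=$1; host=$2; hostport=$3 ;;
        4) case $1 in
               ''|'*')              exposure=all-interfaces ;;
               localhost|127.0.0.1) exposure=loopback ;;
               *)                   exposure=specific-address ;;
           esac
           port=$2; host=$3; hostport=$4 ;;
        *) echo "expected [bind_address:]port:host:hostport" >&2; exit 2 ;;
    esac

    for p in "$port" "$hostport"; do
        case $p in
            ''|*[!0-9]*) echo "port must be numeric: '$p'" >&2; exit 2 ;;
        esac
        [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; exit 2; }
    done
    [ -n "$host" ] || { echo "empty host" >&2; exit 2; }

    case $mode in
        L) listen=A; dial=B ;;   # -L: socket on A, B opens the onward connection
        R) listen=B; dial=A ;;   # -R: socket on B, A opens the onward connection
        *) echo "mode must be L or R" >&2; exit 2 ;;
    esac
    printf 'listen=%s port=%s exposure=%s dial=%s->%s:%s\n' \
        "$listen" "$port" "$exposure" "$dial" "$host" "$hostport"
)

# Constructed sample specs (addresses and ports are made up for the example).
describe_forward L 8080:10.0.0.5:80
describe_forward R '*:2222:localhost:22'
```

An exposure of all-interfaces means other hosts on the listening machine's network can use the tunnel too, so prefer localhost unless that is intended.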
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.
Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made
to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file.
-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.
This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port,
the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local
machine.