ssh：检查隧道是否存在

发布于 2024-08-16 08:08:11 字数 355 浏览 9 评论 0原文

我编写了一个小型 bash 脚本，它需要 ssh 隧道从远程服务器提取数据，因此它提示用户：

echo "Please open an ssh tunnel using 'ssh -L 6000:localhost:5432 example.com'"

我想检查用户是否打开了此隧道，如果不存在隧道，则退出并显示错误消息。有没有办法查询 ssh 隧道，即检查本地端口 6000 是否真的通过隧道连接到该服务器？

原文

I have written a small bash script which needs an ssh tunnel to draw data from a remote server, so it prompts the user:

echo "Please open an ssh tunnel using 'ssh -L 6000:localhost:5432 example.com'"

I would like to check whether the user had opened this tunnel, and exit with an error message if no tunnel exist. Is there any way to query the ssh tunnel, i.e. check if the local port 6000 is really tunneled to that server?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

╄→承喏 2024-08-23 08:08:11

Netcat 是你的朋友：

nc -z localhost 6000 || echo "no tunnel open"

Netcat is your friend:

nc -z localhost 6000 || echo "no tunnel open"

回复收藏 0 原文

℉絮湮 2024-08-23 08:08:11

这是我的测试。希望它有用。

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -p $SSH_PORT -q -N -R $REMOTE_HOST:$REMOTE_HTTP_PORT:localhost:80 $USER_NAME@$REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh -p $SSH_PORT $USER_NAME@$REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_HTTP_PORT.*LISTEN" \
   > /dev/null 2>&1
if [ $? -ne 0 ] ; then
   pkill -f -x "$COMMAND"
   $COMMAND
fi

This is my test. Hope it is useful.

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -p $SSH_PORT -q -N -R $REMOTE_HOST:$REMOTE_HTTP_PORT:localhost:80 $USER_NAME@$REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh -p $SSH_PORT $USER_NAME@$REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_HTTP_PORT.*LISTEN" \
   > /dev/null 2>&1
if [ $? -ne 0 ] ; then
   pkill -f -x "$COMMAND"
   $COMMAND
fi

回复收藏 0 原文

前事休说 2024-08-23 08:08:11

Autossh 是最好的选择 - 检查进程是否在所有情况下都工作（例如僵尸进程、网络相关问题）

示例：

autossh -M 2323 -c arcfour -f -N -L 8088:localhost:80 host2

Autossh is best option - checking process is not working in all cases (e.g. zombie process, network related problems)

example:

autossh -M 2323 -c arcfour -f -N -L 8088:localhost:80 host2

回复收藏 0 原文

帅哥哥的热头脑 2024-08-23 08:08:11

这实际上更像是一个服务器故障类型的问题，但您可以使用 netstat。

类似于：

 # netstat -lpnt | grep 6000 | grep ssh

这会告诉您是否有 ssh 进程正在侦听指定端口。它还会告诉你进程的 PID。

如果您确实想仔细检查 ssh 进程是否使用正确的选项启动，则可以通过 PID 查找该进程，例如

# ps aux | grep PID

This is really more of a serverfault-type question, but you can use netstat.

something like:

 # netstat -lpnt | grep 6000 | grep ssh

This will tell you if there's an ssh process listening on the specified port. it will also tell you the PID of the process.

If you really want to double-check that the ssh process was started with the right options, you can then look up the process by PID in something like

# ps aux | grep PID

回复收藏 0 原文

找回味觉 2024-08-23 08:08:11

使用 autossh。这是用于监控 ssh 连接的工具。

回复收藏 0 原文

雄赳赳气昂昂 2024-08-23 08:08:11

我们可以使用 ps 命令进行检查

# ps -aux | grep ssh

将显示所有正在运行的 shh 服务，我们可以找到列出的隧道服务

We can check using ps command

# ps -aux | grep ssh

Will show all shh service running and we can find the tunnel service listed

回复收藏 0 原文

别想她 2024-08-23 08:08:11

这些是测试 SSH 隧道或排除故障的更详细步骤。您可以在脚本中使用其中一些。我添加这个答案是因为我必须在两个应用程序停止工作后对其之间的链接进行故障排除。仅 grep 查找 ssh 进程是不够的，因为它仍然存在。而且我无法使用 nc -z ，因为该选项在我的 netcat 咒语中不可用。

让我们从头开始吧。假设有一台机器，称为本地，IP 地址为 10.0.0.1，另一台称为远程，IP 地址为 10.0.3.12。我将把这些主机名添加到下面的命令中，这样它们的执行位置就很明显了。

目标是创建一个隧道，将 TCP 流量从远程计算机上端口 123 上的环回地址转发到本地计算机上端口 456。这可以在本地计算机上使用以下命令来完成

local:~# ssh -N -R 123:127.0.0.1:456 10.0.3.12

：正在运行，我们可以这样做：

local:~# ps aux | grep ssh

如果您在输出中看到该命令，我们就可以继续。否则，请检查远程设备中是否安装了 SSH 密钥。请注意，排除远程 IP 之前的用户名会使 ssh 使用当前用户名。

接下来，我们要检查远程设备上的隧道是否打开：

remote:~# netstat | grep 10.0.0.1

我们应该得到与此类似的输出：

tcp  0  0  10.0.3.12:ssh  10.0.0.1:45988  ESTABLISHED

如果能够实际看到从远程设备到主机的一些数据，那就太好了。这就是 netcat 发挥作用的地方。在 CentOS 上，可以使用 yum install nc 安装它。

首先，在本地计算机上打开侦听端口：

local:~# nc -l 127.0.0.1:456

然后在远程上建立连接：

remote:~# nc 127.0.0.1 123

如果打开本地计算机的第二个终端，则可以看到该连接。像这样的东西：

local:~# netstat | grep 456
tcp  0  0 localhost.localdom:456 localhost.localdo:33826 ESTABLISHED
tcp  0  0 localhost.localdo:33826 localhost.localdom:456 ESTABLISHED

更好的是，继续在远程输入一些内容：

remote:~# nc 127.0.0.1 8888
Hallo?
anyone there?

您应该看到它被镜像到本地终端上：

local:~# nc -l 127.0.0.1:456
Hallo?
anyone there?

隧道正在工作！但是，如果您有一个名为 appname 的应用程序，该应用程序应该侦听本地计算机上的端口 456，该怎么办？终止两侧的 nc，然后运行您的应用程序。您可以使用 this：

local:~# netstat -tulpn | grep LISTEN | grep appname
tcp  0  0  127.0.0.1:456  0.0.0.0:* LISTEN  2964/appname

顺便说一下，在远程运行相同的命令应该显示 sshd 正在侦听端口 127.0.0.1:123。

These are more detailed steps to test or troubleshoot an SSH tunnel. You can use some of them in a script. I'm adding this answer because I had to troubleshoot the link between two applications after they stopped working. Just grepping for the ssh process wasn't enough, as it was still there. And I couldn't use nc -z because that option wasn't available on my incantation of netcat.

Let's start from the beginning. Assume there is a machine, which will be called local with IP address 10.0.0.1 and another, called remote, at 10.0.3.12. I will prepend these hostnames, to the commands below, so it's obvious where they're being executed.

The goal is to create a tunnel that will forward TCP traffic from the loopback address on the remote machine on port 123 to the local machine on port 456. This can be done with the following command, on the local machine:

local:~# ssh -N -R 123:127.0.0.1:456 10.0.3.12

To check that the process is running, we can do:

local:~# ps aux | grep ssh

If you see the command in the output, we can proceed. Otherwise, check that the SSH key is installed in the remote. Note that excluding the username before the remote IP, makes ssh use the current username.

Next, we want to check that the tunnel is open on the remote:

remote:~# netstat | grep 10.0.0.1

We should get an output similar to this:

tcp  0  0  10.0.3.12:ssh  10.0.0.1:45988  ESTABLISHED

Would be nice to actually see some data going through from the remote to the host. This is where netcat comes in. On CentOS it can be installed with yum install nc.

First, open a listening port on the local machine:

local:~# nc -l 127.0.0.1:456

Then make a connection on the remote:

remote:~# nc 127.0.0.1 123

If you open a second terminal to the local machine, you can see the connection. Something like this:

local:~# netstat | grep 456
tcp  0  0 localhost.localdom:456 localhost.localdo:33826 ESTABLISHED
tcp  0  0 localhost.localdo:33826 localhost.localdom:456 ESTABLISHED

Better still, go ahead and type something on the remote:

remote:~# nc 127.0.0.1 8888
Hallo?
anyone there?

You should see this being mirrored on the local terminal:

local:~# nc -l 127.0.0.1:456
Hallo?
anyone there?

The tunnel is working! But what if you have an application, called appname, which is supposed to be listening on port 456 on the local machine? Terminate nc on both sides then run your application. You can check that it's listening on the correct port with this:

local:~# netstat -tulpn | grep LISTEN | grep appname
tcp  0  0  127.0.0.1:456  0.0.0.0:* LISTEN  2964/appname

By the way, running the same command on the remote should show sshd listening on port 127.0.0.1:123.

回复收藏 0 原文

电影里的梦 2024-08-23 08:08:11

#!/bin/bash

# Check do we have tunnel to example.com server
lsof -i tcp@localhost:6000 > /dev/null

# If exit code wasn't 0 then tunnel doesn't exist.
if [ $? -eq 1 ]
then
  echo ' > You missing ssh tunnel. Creating one..'
  ssh -L 6000:localhost:5432 example.com
fi

echo ' > DO YOUR STUFF < '

#!/bin/bash

# Check do we have tunnel to example.com server
lsof -i tcp@localhost:6000 > /dev/null

# If exit code wasn't 0 then tunnel doesn't exist.
if [ $? -eq 1 ]
then
  echo ' > You missing ssh tunnel. Creating one..'
  ssh -L 6000:localhost:5432 example.com
fi

echo ' > DO YOUR STUFF < '

回复收藏 0 原文