Posts Tagged ‘SSH’

Using SSH as an Encrypted Proxy

April 20th, 2009 BianJiang No comments

1. Linux/Unix
OpenSSH supports SOCKS4 and SOCKS5. The -D option creates a proxy port on the local machine. For example:

ssh -D 12345 myuser@remote_ssh_server

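We have now created a local SOCKS port, 12345. You can now route your browsing through the proxy by changing the connection settings in IE or Firefox. For example:

IP: 127.0.0.1
Port: 12345
Type: SOCKS5

This way we can keep accessing YouTube.

2. On Windows, you can use plink, PuTTY's command-line back-end program (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)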

plink -N username@remote.ssh.server -D 127.0.0.1:7070

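Here -N means that no shell is needed.
Replace username@remote.ssh.server with your SSH account name and the host's domain name or address,
or replace it with -load sessionname. I tried it with an account on DreamHost and it was really fast.
If you use Firefox, SwitchProxy (https://addons.mozilla.org/en-US/firefox/addon/125) makes switching very convenient.

Description of the ssh -D option: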

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.  This works by allocating a
socket to listen to port on the local side, optionally bound to the specified bind_address.
Whenever a connection is made to this port, the connection is forwarded over the secure
channel, and the application protocol is then used to determine where to connect to from the
remote machine.  Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as
a SOCKS server.  Only root can forward privileged ports.  Dynamic port forwardings can also
be specified in the configuration file.

IPv6 addresses can be specified with an alternative syntax: [bind_address/]port or by
enclosing the address in square brackets.  Only the superuser can forward privileged ports.  By
default, the local port is bound in accordance with the GatewayPorts setting.  However, an
explicit bind_address may be used to bind the connection to a specific address.  The
bind_address of “localhost” indicates that the listening port be bound for local use only,
while an empty address or ‘*’ indicates that the port should be available from all
interfaces.
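
The bind_address rules quoted above decide whether the SOCKS port can be used only from this machine or by every host that can reach it. As an added example (not part of the original post or of the OpenSSH documentation), the shell function below classifies a port from the output of ss -Hltn; the function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a local SOCKS port (such as one opened by
# ssh -D or plink -D) is bound. Reads `ss -Hltn` output on stdin and prints:
#   loopback - only 127.0.0.0/8 or ::1, usable from this machine only
#   exposed  - wildcard or a routable address, usable by other hosts
#   absent   - nothing is listening on that port
socks_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # "Local Address:Port" column
            n = match(la, /:[0-9]+$/)        # the port follows the last colon
            if (n == 0 || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            sub(/%.*$/, "", addr)            # drop an interface suffix (%lo)
            gsub(/\[/, "", addr)             # drop IPv6 brackets
            gsub(/\]/, "", addr)
            found = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of `ss -Hltn` output (not captured from a real host):
# 12345 is bound the way "-D 12345" binds with GatewayPorts at its default,
# 7070 the way "-D *:7070" would bind.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:12345 0.0.0.0:*
LISTEN 0 128 [::1]:12345 [::]:*
LISTEN 0 128 0.0.0.0:7070 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}
```

On a live system, pipe ss -Hltn into socks_exposure with the port number; any result other than loopback means other hosts can send traffic through the tunnel.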

3. Excerpted from chedong.com

ssh -qTfnN -D 7070 remotehost

All the added options are for an ssh session that’s used for tunneling.

-q :- be very quiet, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting as a tunnel.
-f :- move the ssh process to background, as we don’t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.

Links:
1. Use ssh create http proxy (http://www.linuxjournal.com/content/use-ssh-create-http-proxy)
2. http://www.chedong.com/blog/archives/001246.html
3. Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
Bian Jiang
http://www.wifihack.net

–EOF–

Categories: Tech.Notes

Cross Compile SSH Server Dropbear For ARM

August 15th, 2008 BianJiang No comments

Build environment

  • ubuntu 8.04
  • gcc 4.2.3
  • arm_v5t_le-gcc 3.4.3

Build process

Build zlib:

wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar zxvf zlib-1.2.3.tar.gz
mkdir zlib
cd zlib-1.2.3/
CC=arm_v5t_le-gcc ./configure --prefix=/home/border/work/SMG/build-tools/zlib
make
make install

Build dropbear:

wget http://matt.ucc.asn.au/dropbear/releases/dropbear-0.51.tar.gz
tar zxvf dropbear-0.51.tar.gz
mkdir dropbear-build
cd dropbear-build/
mkdir build
../dropbear-0.51/configure --prefix=/home/border/work/SMG/build-tools/dropbear-build/build/ \
    --with-zlib=/home/border/work/SMG/build-tools/zlib/ CC=arm_v5t_le-gcc --host=arm
make
make scp
sudo make install
sudo cp scp build/bin/

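scp has to be built separately, and the resulting scp binary is then copied into the build/bin directory.

After cross-compiling, check the programs with a tool such as file to confirm that they were built for the target machine: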

border@b0rder:~/work/SMG/build-tools/dropbear-build$ file scp
scp: ELF 32-bit LSB executable, ARM, version 1 (SYSV), for GNU/Linux 2.4.17,
dynamically linked (uses shared libs), not stripped

The directory structure of the built files is:

border@b0rder:~/work/SMG/build-tools/dropbear-build/build$ tree
.
|-- bin
|   |-- dbclient
|   |-- dropbearconvert
|   |-- dropbearkey
|   `-- scp
`-- sbin
    `-- dropbear

Generate the server keys:

cd /etc
mkdir dropbear
cd dropbear
dropbearkey -t rsa -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key

Startup script

Copy the build directory to the ARM machine, then add the following to the startup script /etc/init.d/rcS:

dropbear

– EOF –

Categories: Embedded