运维干货-ssh代理与内网穿透

时间:2022-08-28 21:51:27

ssh的代理,之前是通过haproxy实现

前提是:被控的 ssh 端具备公网地址和一个开放的端口(在该端口上运行 haproxy,把 TCP 从开放端口转发到 sshd 端口)。后来想了一下,很多环境无法满足这个前提——能给出公网 IP 和端口资源的场景并不多;而且这种做法等于把被控端的 sshd 直接暴露在公网上。

既然上述方案有缺陷,那就讲讲现在的内网穿透。frp 的原理是:在有公网地址的代理机器(不是被控端)上运行 frp 服务端 frps;在内网的被控端(只需能访问公网、能与代理机器上的 frps 建立出站连接)上运行 frp 客户端 frpc。之后访问代理机器上的转发端口,就能反向访问内网机器。这个网络条件一般都具备——被控端能访问公网即可。需要注意的是,转发端口一旦在代理机器上对公网开放,内网机器的 sshd 也就随之暴露给公网,所以后面的配置里要用强 auth_token,并限制转发端口的访问来源。

运维干货-ssh代理与内网穿透

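# --- relay host (the machine with the public IP): install and start frps ---
# The post pins v0.8.1, an old release; check https://github.com/fatedier/frp/releases
# for a current one. Whatever version you take, verify the archive (compare the
# sha256 below with a value published by the project or obtained out of band)
# before running a downloaded binary, especially as root.
wget https://github.com/fatedier/frp/releases/download/v0.8.1/frp_0.8.1_linux_amd64.tar.gz
sha256sum frp_0.8.1_linux_amd64.tar.gz
tar -zxvf frp_0.8.1_linux_amd64.tar.gz
cd frp_0.8.1_linux_amd64
# Only the server binary and its config are needed on this host.
rm -f frpc frpc.ini
vi frps.ini
# frps.ini carries the shared auth_token: readable by the owner only.
chmod 600 frps.ini
# Prefer a dedicated unprivileged user plus a service manager (systemd unit)
# over nohup-as-root; the ports used here (7001, 6000, 8089, 1443) are all
# above 1024, so frps does not need root to bind them.
nohup ./frps -c ./frps.ini &
# '[f]rps' keeps the grep process itself out of the listing.
ps -ef | grep '[f]rps'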

服务端配置文件 frps.ini(放在代理机器上)

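# frps.ini -- server side. Runs on the RELAY host (public IP), not on the
# intranet host being reached. Read by frps via `frps -c ./frps.ini`.
# This file holds a shared secret (auth_token): keep it mode 600 and out of
# version control. Values below are the original listing's; comments were
# translated and the bracketed inline notes moved into comments, because text
# after the value would otherwise become part of the value.

[common]

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0

# Control port that frpc connects to. The author moved it off the default
# because of a port conflict on the relay; any free port works.
# Firewall it so only the intranet client's egress address can reach it:
# with a guessable auth_token, anyone who can reach this port can register a
# client under the proxy name below.
bind_port = 7001

# if you want to support virtual host, you must set the http port for listening (optional)
# Neither is used by the tcp proxy below; each one set here means another
# listener open on the relay. Comment them out unless http/https proxies exist.
vhost_http_port = 8089

vhost_https_port = 1443

# ssh is the proxy name, client will use this name and auth_token to connect to server
# The name "ssh" and auth_token must match the client configuration.
[ssh]

type = tcp

# SECURITY: "123" is a placeholder, not a secret. Replace it with a long random
# value (e.g. the output of `openssl rand -hex 32`) and set the same value in
# frpc.ini. It is the only thing that stops a third party who can reach
# bind_port from registering this proxy and having listen_port traffic sent to
# a host of their choosing.
auth_token = 123

# 0.0.0.0 exposes the intranet host's sshd to everyone who can reach the relay
# on listen_port; the only remaining control is sshd's own authentication.
# Prefer 127.0.0.1 here and reach it through the relay
# (ssh -J relay -p 6000 user@127.0.0.1), or restrict listen_port by firewall.
bind_addr = 0.0.0.0

# Port on the relay that is forwarded to the client's local_port (22).
listen_port = 6000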

listen_port 6000 就是用来反向连接的端口:访问代理机器的 6000 端口,流量会被转发到内网机器的 22 端口。bind_addr 为 0.0.0.0 时,凡是能到达代理机器的人都能连到这个端口,此时只剩 sshd 自身的认证在保护内网机器;建议改为 127.0.0.1 后经代理机器跳转访问,或用防火墙限制来源。

客户端(内网被控端,只需能出站访问公网)

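# --- intranet host (the one whose sshd is to be reached): install and start frpc ---
# The post uses the 32-bit (386) archive on the client; pick the archive that
# matches `uname -m` on this host. As on the server, verify the download before
# running it, and consider a current release instead of the pinned v0.8.1.
wget https://github.com/fatedier/frp/releases/download/v0.8.1/frp_0.8.1_linux_386.tar.gz
sha256sum frp_0.8.1_linux_386.tar.gz
tar -zxvf frp_0.8.1_linux_386.tar.gz
cd frp_0.8.1_linux_386
# Only the client binary and its config are needed on this host.
rm -f frps frps.ini
vi frpc.ini
# frpc.ini carries auth_token and privilege_token: readable by the owner only.
chmod 600 frpc.ini
# frpc only makes an outbound connection and forwards to 127.0.0.1:22, so it
# needs no root; run it as a dedicated user, ideally under a service manager.
# (The original line ended in a stray "、" after "&", which the shell would
# have tried to run as a command.)
nohup ./frpc -c ./frpc.ini &
# '[f]rpc' keeps the grep process itself out of the listing.
ps -ef | grep '[f]rpc'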

客户端配置文件 frpc.ini(放在内网被控端上)

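# frpc.ini -- client side. Runs on the INTRANET host whose sshd is to be
# reached. frpc opens an outbound connection to frps on the relay, so only
# outbound Internet access is required here. Read via `frpc -c ./frpc.ini`.
# This file holds shared secrets: keep it mode 600 and out of version control.
# Values are the original listing's; the bracketed inline note on server_addr
# was moved into a comment, since text after the value becomes part of it.

[common]

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# Public address of the RELAY host where frps runs. The original listing
# labelled this "controlled host", which is the wrong end: this host IS the
# controlled one, and it connects out to the relay. Replace the placeholder.
server_addr = *.*.*.*

# Must equal bind_port in frps.ini.
server_port = 7001

# console or real logFile path like ./frpc.log
# Relative path: the log lands in whatever directory frpc is started from.
log_file = ./frpc.log

# debug, info, warn, error
log_level = info

log_max_days = 3

# for authentication
# Must equal auth_token of the [ssh] proxy in frps.ini. "123" is a placeholder;
# use the same long random value on both sides.
auth_token = 123

# for privilege mode
# NOTE(review): this only matters if frps has privilege mode enabled, which the
# server config in this post does not set, so here it is apparently unused.
# If you do enable it, privilege mode appears to let a client holding this
# token define proxies that are not pre-declared on the server, i.e. open
# further ports on the relay -- treat it as an admin credential and never
# leave it at 12345678.
privilege_token = 12345678

# ssh is the proxy name same as server's configuration
[ssh]

# tcp | http, default is tcp
type = tcp

# Target behind the tunnel: sshd on this host. Keep 127.0.0.1 so the tunnel
# cannot be repointed at another machine on the LAN.
local_ip = 127.0.0.1

local_port = 22

# true or false, if true, messages between frps and frpc will be encrypted, default is false
# Covers only the frpc<->frps leg. The SSH session carried inside is already
# encrypted end to end, so this is an extra layer over frp's own stream;
# it is cheap, leave it on.
use_encryption = true

# default is false
use_gzip = false

# connections will be established in advance, default value is zero
pool_count = 10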