千家信息网

ssh tunneling

Published: 2025-01-22  Author: 千家信息网 editor  Last updated: 2025-01-22

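This mainly uses SSH tunneling.

Why tunnels often drop on their own: a tunnel can be disconnected for a number of reasons, for example a machine reboot, or a router cutting the connection after a long period without data traffic.

For security reasons, if a user connects to an SSH server and then sits idle for a while, the OpenSSH server automatically terminates the SSH connection once a specified time has passed.

To keep a connection alive for a long time, we need to understand these parameters: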

TCPKeepAlive yes/no for ssh and sshd

ClientAliveCountMax for sshd

ClientAliveInterval for sshd

ServerAliveCountMax for ssh

ServerAliveInterval for ssh

To enable the keep alive system-wide (root access required), edit /etc/ssh/ssh_config; to set the settings for just your user, edit ~/.ssh/config (create the file if it doesn't exist). Insert the following:

Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

You can also make your OpenSSH server keep alive all connections with clients by adding the following to /etc/ssh/sshd_config:

ClientAliveInterval 300
ClientAliveCountMax 2

connection idle timeout setting


ServerAliveCountMax

Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.


The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only; in protocol version 1 there is no mechanism to request a response from the server to the server alive messages, so disconnection is the responsibility of the TCP stack.


ServerAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.

Below are explanations of several of the parameters:

TCPKeepAlive

Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.

The default is "yes" (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids infinitely hanging sessions.

To disable TCP keepalive messages, the value should be set to "no".

ClientAliveCountMax

Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.

ClientAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

ServerAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only.

ServerAliveCountMax

Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only.
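As an added example (not from the original article and not part of OpenSSH), the shell function below reads the effective settings printed by `ssh -G <host>` on the client or `sshd -T` on the server and reports whether the encrypted-channel keepalive is active and after how many seconds an unresponsive peer is dropped (interval multiplied by count max). The function name, the output wording and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise keepalive behaviour from effective OpenSSH settings.
# Usage on a real system (not run here):
#   ssh -G 192.168.1.53 | keepalive_summary     # client side
#   sshd -T | keepalive_summary                 # server side, as root

keepalive_summary() {
    awk '
        # Defaults as described in the text: interval 0, count max 3, TCPKeepAlive yes.
        BEGIN { interval = 0; count = 3; tcp = "yes"; side = "unknown" }
        { key = tolower($1) }
        key == "serveraliveinterval" { interval = $2; side = "client" }
        key == "serveralivecountmax" { count = $2;    side = "client" }
        key == "clientaliveinterval" { interval = $2; side = "server" }
        key == "clientalivecountmax" { count = $2;    side = "server" }
        key == "tcpkeepalive"        { tcp = tolower($2) }
        END {
            if (interval + 0 == 0) {
                # No messages through the encrypted channel: only the
                # spoofable TCP keepalive (or nothing) detects a dead peer.
                verdict = (tcp == "yes") ? "tcp-keepalive-only" : "no-keepalive"
                printf "%s %s timeout=none\n", side, verdict
            } else {
                printf "%s encrypted-keepalive timeout=%ds\n", side, interval * count
            }
        }'
}

# Constructed sample in the format of `ssh -G` output, using the article's
# values (ServerAliveInterval 300, ServerAliveCountMax 2).
SAMPLE_CLIENT='hostname 192.168.1.53
serveraliveinterval 300
serveralivecountmax 2
tcpkeepalive yes'

printf '%s\n' "$SAMPLE_CLIENT" | keepalive_summary
```

A result of `tcp-keepalive-only` means dead-peer detection depends entirely on the TCP stack, which is the spoofable mechanism the option descriptions above warn about.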


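#!/bin/bash
###################################################################################
# date: 2016-12-20
# author: victor
# description:
# this shell script is for improving the network performance to www.google.com
###################################################################################

# Stop any previous process whose command line mentions the peer address.
# Skip the kill when nothing matches: a bare "kill" with no PID is an error.
Ssh_Pid=$(ps aux | grep '192\.168\.1\.53' | grep -v 'grep' | awk '{print $2}')
[ -n "$Ssh_Pid" ] && kill $Ssh_Pid

# Open a layer-3 tunnel with tun0 on both ends and go to the background.
# The server must allow this (PermitTunnel in sshd_config).
ssh -f -w 0:0 192.168.1.53 true

# Address the two ends of the point-to-point link (a /30 network).
ifconfig tun0 192.168.100.2 netmask 255.255.255.252
ssh root@192.168.1.53 "ifconfig tun0 192.168.100.1 netmask 255.255.255.252"

# Keep the SSH peer itself reachable over eth0, then replace the default
# route so that all other traffic goes through the tunnel.
route add -host 192.168.1.53 dev eth0
route del -net 0.0.0.0
route add -net 0.0.0.0 dev tun0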


