In this tutorial we show how to connect over SSH to a Linux CentOS server at home or at the company from an external public network, without a public IP and without setting up a router.
cpolar official website: https://www.cpolar.com/ (cpolar – Secure Intranet Penetration Tool)
cpolar supports installation with a one-line script.
- Install cpolar (for use in China):
    curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
  or install through the cpolar short link (for use outside China):
    curl -sL https://git.io/cpolar | sudo bash
- Check the version number. If a version number is displayed normally, the installation succeeded:
    cpolar version
- Token authentication: log in to the dashboard of the cpolar official website, click the authentication item on the left, look up your own authentication token, and paste it into the command line:
    cpolar authtoken xxxxxxx
- Simple tunnel test: if a public network address is generated normally, the tunnel works. Press Ctrl+C to exit:
    cpolar http 8080
- Add the service to the system:
    sudo systemctl enable cpolar
- Start the cpolar service:
    sudo systemctl start cpolar
- Check the status of the service. If it is displayed as active, the service has started successfully and is online:
    sudo systemctl status cpolar
After cpolar is installed successfully, 2 sample tunnels are created by default. You can edit or delete them yourself.
- website tunnel: uses the http protocol and points to local port 8080
- ssh tunnel: uses the tcp protocol and points to local port 22
2. Creating TCP tunnels
After installing cpolar on the CentOS system, visit port 9200 of the CentOS host from a browser on another machine (LAN IP + :9200) to open the cpolar web UI.
After installation, cpolar creates a tunnel named ssh by default. If you have it, you can skip straight to the online tunnel list and then connect remotely.
If not, click Tunnel Management, then Create Tunnel, in the left-hand dashboard.
Since SSH connections use port 22 by default, we create a tcp tunnel pointing to port 22:
- Tunnel name: customizable; take care not to repeat an existing name
- Protocol: tcp
- Local address: 22
- Domain type: select random domain name
- Region: select China VIP
Click Create.
After creating the tunnel, open the online tunnel list and check the random public tcp address.
3. Random-address public-network remote connections
From outside, we can use this public address to connect to the Linux CentOS host over SSH. Taking a Windows system as an example, we can connect to CentOS from a cmd window:
    ssh -p <port number> <username>@<public address>
Note that since our local port 22 is mapped to port 23075 on the public network (your public port may be different), the ssh command needs the -p parameter followed by the public port number.
Also we can use the xshell utility to connect to the
4. Fixed TCP address
The temporary TCP tunnel established by cpolar connects successfully to the CentOS system on the LAN, and through this tunnel we can operate the system with no difference from working on it directly. However, it is still a random temporary TCP tunnel whose port number changes every 24 hours, so it is better suited to debugging the system, remote troubleshooting and similar situations.
If we want this tunnel to exist stably for a long time, we need to set it up further. First, log in to the cpolar website and click Reserve on the left. On the Reservations screen, find the Reserved TCP address item. Under this item, fill in the necessary information, such as the name that identifies the tunnel, the region in which the tunnel is used, and so on.
- Region: select China VIP
- Description: a note; fill in whatever you like
Then click Reserve.
After the address is reserved successfully, cpolar returns a fixed public address and a fixed public port number. This is the fixed address for our SSH connection to the CentOS system; copy it down.
Next, go back to the cpolar web UI management interface, open the Tunnel List, find the random temporary TCP tunnel created earlier and open its Edit page.
Paste the tunnel port we got from the cpolar website into the Reserved TCP address field, and then click the Update button below.
- Port type: change to Fixed TCP port
- Reserved TCP address: fill in the fixed public address just reserved successfully
Click Update.
Then check the online tunnel list again. The public address of the ssh tunnel has changed to the fixed address reserved on the website.
At this point, we can use the command to connect to the Linux CentOS system from other devices and operating systems, stably and easily, without worrying about the tunnel port number being reset.
5. SSH remote using a fixed public TCP address
Open cmd and execute the ssh command:
    ssh -p <port number> <username>@<public address>
Note that you still need to add the -p parameter followed by the public port number.
You can also connect with the Xshell tool.
In summary, we have connected over SSH to a company/home Linux CentOS server from an external public network, without a public IP and without setting up a router, simply by using the cpolar intranet penetration tool to map local port 22 and connecting through the generated public address.
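Because the tunnel publishes local port 22 on a public address, the sshd settings on the CentOS host determine which logins that address accepts. The following is an added example, not part of the original tutorial and not cpolar's code: it audits an sshd_config file for password and root login settings before the tunnel is started. The function names, the policy values and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not cpolar's code): audit sshd_config before tunnelling port 22.
# The policy values below are this example's assumptions.

# Print the global value of keyword $2 in file $1. sshd keeps the first value
# it reads for a keyword and keywords are case-insensitive. Match blocks and
# Include files are not followed; on a live host compare with `sshd -T`.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Print one line per weak setting; return 0 if none, 1 otherwise.
# Each check is keyword:wanted:value-assumed-when-unset.
audit_sshd_config() {
    findings=0
    for check in PasswordAuthentication:no:yes \
                 PermitEmptyPasswords:no:no \
                 PermitRootLogin:no:unset; do
        key=${check%%:*}
        rest=${check#*:}
        want=${rest%%:*}
        got=$(sshd_value "$1" "$key")
        [ -n "$got" ] || got=${rest#*:}
        if [ "$got" != "$want" ]; then
            echo "WEAK $key=$got (want $want)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input: a config with password logins left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
passwordauthentication no
Match User deploy
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "fix the settings above before starting the tunnel"
rm -f "$sample"
```

On the CentOS host the file to pass is /etc/ssh/sshd_config; restart sshd after changing it and keep an existing session open until a new login has been verified.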