# PVE 與內網 LXC/VM 進行 Reverse Tunnel SSH 連線


# LXC/VM 客機操作


# 在 LXC/VM 產生 SSH 金鑰

# Generate an SSH key pair on the guest and print the public key so it can be
# pasted into the PVE host's authorized_keys (see the PVE Host section below).
ssh-keygen # generate the key pair; press Enter through every prompt
# NOTE(review): pressing Enter at every prompt also accepts an empty passphrase.
# That is what lets an unattended tunnel use the key, so the private key file
# must stay readable only by its owner and the key should be scoped on the
# server side (authorized_keys options such as `restrict,port-forwarding`) —
# confirm for this deployment.
cat .ssh/id_rsa.pub # print the public key and copy it
# NOTE(review): the path is relative to the current directory, so this assumes
# the command is run from the home directory (`~/.ssh/id_rsa.pub` is the form
# used later on this page). Newer OpenSSH releases default ssh-keygen to
# ed25519 (id_ed25519.pub); if id_rsa.pub is absent, read the file name that
# ssh-keygen reported.

# 調整 SSH 權限設定

# Edit the guest's sshd configuration (the settings to add are listed below).
nano /etc/ssh/sshd_config
# NOTE(review): validate with `sshd -t` before restarting so a typo in the new
# settings does not lock you out of the guest.

新增設定

# Settings appended to /etc/ssh/sshd_config on the guest.
# NOTE(review): `yes` lets root log in with a password as well as with a key.
# If root will only ever use the key generated above, `prohibit-password`
# (OpenSSH 7.0+) keeps password guessing off the account that this page later
# exposes on port 2210.
PermitRootLogin yes
# NOTE(review): the values documented for GatewayPorts in sshd_config(5) are
# `yes`, `no` and `clientspecified`; confirm that `on` is accepted by this sshd
# version (`sshd -t` reports an unsupported value). GatewayPorts only affects
# remote (-R) forwards accepted by this sshd; the `-L` forwards used later on
# this page bind on the client side and do not depend on it.
GatewayPorts on

# 重啟 SSH

# Apply the sshd_config changes on the guest.
systemctl restart ssh
# NOTE(review): the unit is called `ssh` on Debian/Ubuntu and `sshd` elsewhere.
# Keep the current session open until a fresh login succeeds, so a bad config
# can still be reverted.

# 建立通往 PVE Host 的通道

# Open the SSH session through which port 2210 is forwarded to the guest's sshd.
# `[email protected]` reads as a redacted user@host placeholder in this rendering;
# substitute the real login.
# NOTE(review): `-L` binds the listening socket on the machine that runs this
# command, so 140.96.83.14:2210 must be an address of that machine; a listener
# on the remote side would need `-R` instead. Without `-N` this also opens an
# interactive shell, and without `-o ExitOnForwardFailure=yes` the session stays
# up even when port 2210 could not be bound.
ssh [email protected] -L 140.96.83.14:2210:192.168.100.200:22

# PVE Host 操作


# 寫入公鑰到 PVE Host 裡面

# Paste the guest's public key into root's authorized_keys on the PVE host.
nano ~/.ssh/authorized_keys # open the file and paste the public key
# NOTE(review): sshd ignores this file when it or ~/.ssh is group/world
# writable (StrictModes, the default), so check `chmod 700 ~/.ssh` and
# `chmod 600 ~/.ssh/authorized_keys`. If this key is used only for the tunnel,
# prefixing the line with `restrict,port-forwarding` limits it to forwarding.

# 設置 Reverse Proxy Tunnel

把 192.168.100.200:22 導向 Host IP 的 2210

# Forward port 2210 on every interface of this host to the guest's sshd.
# -f backgrounds ssh after authentication; -N runs no remote command.
ssh -f -N -L 0.0.0.0:2210:192.168.100.200:22 [email protected]
# NOTE(review): 0.0.0.0 publishes the guest's SSH service on all of the host's
# addresses, including the public one; limit it with a firewall rule or bind
# only the address that should serve it. `-o ExitOnForwardFailure=yes` makes
# ssh exit instead of silently running with no forward if 2210 is already
# taken. `[email protected]` is a redacted user@host placeholder in this rendering.

# 查看是否掛上 Tunnel

# Confirm that something is listening on port 2210.
ss -tulpn | grep 2210
netstat -tulpn # Need install net-tools
# NOTE(review): `grep 2210` is a substring match, so a listener on e.g. 22100
# or a peer port containing 2210 also matches; `ss -tlnp 'sport = :2210'`
# filters on the local port exactly and shows which process owns it.

# 刪除 Tunnel

# Find the tunnel's ssh process and terminate it.
ps aux | grep ssh
# `<id>` is a placeholder for the PID found above, not shell syntax.
kill <id>
# NOTE(review): `grep ssh` also lists sshd, the grep itself and any other ssh
# client, so match the full command line (`pgrep -af '2210:192.168.100.200'`)
# before killing — the wrong PID drops an admin session instead of the tunnel.

# 建立持久的 SSH Reverse Tunnel 服務

# Create the systemd unit that keeps the tunnel up (contents listed below).
nano /etc/systemd/system/ssh-tunnel-persistent.service

[Unit]
# The Description and the commented ExecStart below end in `>`: they were cut
# off at the terminal width in the source rendering, not in the file itself.
Description=Persistent SSH Tunnel to from port 2210 on this server to port 22 on external server (for encrypted traffi>
After=network.target
[Service]
# NOTE(review): on-failure does not restart after a clean exit. The active
# ExecStart has no `-N`, so ssh requests a remote shell; under systemd stdin is
# /dev/null, the remote shell presumably sees EOF and exits 0, taking the
# forward with it without triggering a restart. Restart=always (with
# RestartSec) is the usual choice for a tunnel unit — confirm on this host.
Restart=on-failure
RestartSec=5
# NOTE(review): the tunnel runs as root with root's private key. A dedicated
# unprivileged user whose key carries `restrict,port-forwarding` on the far
# side would confine a compromise of this unit to the forward itself.
User=root
Group=root
#ExecStart=/usr/bin/ssh -NTC -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L 0.0.0.0:8006:127.0.0.1:8006 root>
# NOTE(review): the commented line above carries the options the active one
# lacks: -N (no remote command), ServerAliveInterval (notice a dead link so the
# restart fires) and ExitOnForwardFailure (fail instead of running with no
# forward). The target's host key must already be in root's known_hosts, since
# there is no terminal to confirm it. `[email protected]` is a redacted
# user@host placeholder in this rendering.
ExecStart=/usr/bin/ssh -L 140.96.83.14:2210:192.168.100.200:22 [email protected]
[Install]
WantedBy=multi-user.target

Start Service

# Load the new unit file and start the tunnel service.
systemctl daemon-reload
systemctl start ssh-tunnel-persistent.service
# NOTE(review): `start` only runs it now; `systemctl enable` is what makes the
# [Install] WantedBy= take effect so the tunnel comes back after a reboot.

# Client SSH Connect


# 提供 SSH 公鑰給 PVE Host

# Print the client's public key so it can be added to the PVE host's
# ~/.ssh/authorized_keys.
cat ~/.ssh/id_rsa.pub

複製且新增到 PVE ~/.ssh/authorized_keys


# Connect to the guest's sshd through the forwarded port on the PVE host.
# HOST_IP is a placeholder for the PVE host's reachable address.
ssh HOST_IP -p 2210
# NOTE(review): the host key offered on this port belongs to the guest
# (192.168.100.200), not to the PVE host; compare the fingerprint against the
# guest's own before accepting it on first connection.