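Using frp to reach a campus-network server from outside
1. Introduction
While on campus you can SSH directly to the Linux server in the university lab, but from home Wi-Fi or a phone hotspot during the summer break, a direct SSH connection to the on-campus server is not possible. This post describes one way to reach the on-campus server from off campus.
- A cloud server (Debian 11.7, 64-bit)
- frp (version 0.54.0)
- Ports 7000, 7500 and 6000-7000 on the cloud server (open the ports according to the toml configuration)
2. Configure the frp server
- First, download frp to the cloud server
# Create an frp folder and enter it (this will need to be changed later)
# mkdir /usr && cd ~/frp
# Download frp; the path must match the one used in frps.service/frpc.service (recommended)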
cd /usr/local
# Download frp from GitHub
# https://github.com/fatedier/frp/releases/
wget https://github.com/fatedier/frp/releases/download/v0.54.0/frp_0.54.0_linux_amd64.tar.gz
# Extract the archive and enter the directory
tar -zxvf frp_0.54.0_linux_amd64.tar.gz
cd frp_0.54.0_linux_amd64
- Edit frps.toml
sudo vim frps.toml
# https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
bindAddr = "0.0.0.0"
bindPort = 7000
# udp port used for kcp protocol, it can be same with 'bindPort'.
# if not set, kcp is disabled in frps.
kcpBindPort = 7000
# Configure the web server to enable the dashboard for frps.
# dashboard is available only if webServer.port is set.
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# auth.method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
# Only allow frpc to bind ports you list. By default, there won't be any limit.
allowPorts = [
{ start = 6000, end = 7000 },
]
- Create frps.service so that frps starts with the server
sudo vim /etc/systemd/system/frps.service
[Unit]
Description = frp server
After = network.target
Wants = network.target
[Service]
Type = simple
ExecStart = /usr/local/frp_0.54.0_linux_amd64/frps -c /usr/local/frp_0.54.0_linux_amd64/frps.toml
#
ExecStop=/bin/kill $MAINPID
Restart=always
RestartSec=5
[Install]
WantedBy = multi-user.target
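- Reload the service definitions
sudo systemctl daemon-reload
- Start frps.service
sudo systemctl start frps.service
# sudo systemctl stop frps.service // stop the service
# sudo systemctl status frps.service // check whether it started successfully
# sudo systemctl restart frps.service // restart the service after any configuration change
sudo systemctl enable frps.service # optional (consequences unknown)
- From your local machine, check that the dashboard started correctly (address: cloud server public IP:port)
x.x.x.x:7500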
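The frps.toml in this section binds the dashboard to 0.0.0.0 with admin/admin and uses a short auth token, all on a host with a public IP. The check below is an added example (not from the original post or the frp project) that flags those settings before the service is started; the weak-secret list and both thresholds are assumptions chosen for illustration, not frp requirements.

```python
import re

# Constructed sample: the exposure-related settings from the frps.toml above.
SAMPLE_FRPS_TOML = '''
bindPort = 7000
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
auth.token = "12345678"
allowPorts = [
  { start = 6000, end = 7000 },
]
'''

WEAK_SECRETS = {"admin", "password", "12345678", "123456", "frp"}  # illustrative
MIN_TOKEN_LEN = 32   # assumed policy threshold
MAX_PORT_SPAN = 16   # assumed policy threshold


def flat_keys(text):
    """Parse the flat `key = "value"` / `key = 123` lines used in frps.toml."""
    pairs = re.findall(r'^\s*([\w.]+)\s*=\s*"?([^"\n\[]*?)"?\s*$', text, re.M)
    return dict(pairs)


def audit_frps(text):
    """Return a list of findings for settings that widen public exposure."""
    cfg, findings = flat_keys(text), []
    if "webServer.port" in cfg:  # the dashboard is only enabled when a port is set
        if cfg.get("webServer.addr") not in ("127.0.0.1", "::1", "localhost"):
            findings.append("dashboard-exposed")
        if cfg.get("webServer.password", "") in WEAK_SECRETS | {""}:
            findings.append("dashboard-weak-password")
    token = cfg.get("auth.token", "")
    if token in WEAK_SECRETS or len(token) < MIN_TOKEN_LEN:
        findings.append("weak-auth-token")
    for start, end in re.findall(r"start\s*=\s*(\d+)\s*,\s*end\s*=\s*(\d+)", text):
        if int(end) - int(start) + 1 > MAX_PORT_SPAN:
            findings.append(f"wide-allowPorts:{start}-{end}")
    return findings


if __name__ == "__main__":
    for finding in audit_frps(SAMPLE_FRPS_TOML):
        print(finding)
```

With the dashboard bound to 127.0.0.1 it can still be reached through an SSH local port forward to the cloud server, so port 7500 does not need to be opened publicly.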
3. Configure the frp client
- Download frp to the on-campus server (same steps as above)
- Edit frpc.toml
# serverAddr is the cloud server's public IP.
sudo vim frpc.toml
# https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml
# your proxy name will be changed to {user}.{proxy}
user = "your_name"
# user = "ubuntu10.200.64.32"
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single serverAddr field, no need square brackets, like serverAddr = "::".
serverAddr = "x.x.x.x"
serverPort = 7000
# Decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
loginFailExit = true
# console or real logFile path like ./frpc.log
log.to = "./frpc.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
[[proxies]]
# 'ssh' is the unique proxy name
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000
- Create frpc.service so that frpc starts with the server
sudo vim /etc/systemd/system/frpc.service
[Unit]
Description = frp client
After = network.target
Wants = network.target
[Service]
Type = simple
ExecStart = /usr/local/frp_0.54.0_linux_amd64/frpc -c /usr/local/frp_0.54.0_linux_amd64/frpc.toml
#
ExecStop=/bin/kill $MAINPID
Restart=always
RestartSec=5
[Install]
WantedBy = multi-user.target
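- Reload the service definitions
sudo systemctl daemon-reload
- Start frpc.service
sudo systemctl start frpc.service
# sudo systemctl stop frpc.service // stop the service
# sudo systemctl status frpc.service // check whether it started successfully
# sudo systemctl restart frpc.service // restart the service after any configuration change
sudo systemctl enable frpc.service # optional (consequences unknown)
4. Test the connection
- From outside the campus network, connect to the on-campus server over SSH
# x.x.x.x is the cloud server's public IP,
# roshan is a username on the on-campus host, and it must not be root.
# The password is the login password of user roshan on the on-campus server
ssh -oPort=6000 roshan@x.x.x.x
- Passwordless login (optional)
To avoid typing the password (the user's login password on the on-campus server) every time, you can add a key for passwordless connections. First generate a key pair locally (skip this step if one already exists).
# -b 4096 sets the length of the generated RSA key pair to 4096 bits (optional parameter)
ssh-keygen -t rsa -b 4096
Then upload the local public key to the on-campus server. There are two main ways:
- Automatic:
# On the campus network, x.x.x.x is the on-campus server's internal IP
ssh-copy-id roshan@x.x.x.x
- Manual:
Append the contents of the newly generated local public key file to /root/.ssh/authorized_keys, then edit the configuration file /etc/ssh/sshd_config and set PubkeyAuthentication to yes to allow key-based login.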
5. Connect with VS Code Remote (optional)
- Add the following to the config file (x.x.x.x is the cloud server's public IP)
Host x.x.x.x
HostName x.x.x.x
User roshan
Port 6000
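6. Logging in to the campus network from the server's command line (bonus)
- View the source of the campus-network login page to get the names of the fields to submit
- The basic command is as follows
# Replace ip, student_id and password with the appropriate values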
curl 'http://172.16.200.12' -d "DDDDD=student_id&upass=password&0MKKey="
- Test whether it worked
ping www.baidu.com
If the error "Name or service not known" appears, add the following two lines to resolv.conf; they are the preferred and alternate DNS servers.
sudo vim /etc/resolv.conf
nameserver 8.8.8.8
nameserver 114.114.114.114
- Check the URL of the page shown after logging out (untested)
curl 'http://172.16.200.12/F.htm'
References
- github: https://github.com/fatedier/frp/issues/944
- frp documentation: https://gofrp.org/zh-cn/docs/
- frp project: https://github.com/fatedier/frp