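I. Introduction

While on campus you can connect directly over SSH to the Linux servers in the campus lab. From home Wi-Fi or a mobile hotspot during the summer break, however, a direct SSH connection to the campus servers is not possible. This article describes a way to reach the campus server from off campus.

  • A cloud server (running Debian 11.7 64-bit)
  • frp (version 0.54.0)
  • Ports 7000, 7500 and 6000-7000 on the cloud server (open the ports according to the toml configuration)

Figure: frps dashboard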

II. Configuring the frp server

  1. First, download frp to the cloud server
# Create an frp folder and enter it (this would need changing later)
# mkdir /usr && cd ~/frp
# Download frp; the path must match the one used in frps.service/frpc.service (recommended)
cd /usr/local
# Download frp from GitHub
# https://github.com/fatedier/frp/releases/
wget https://github.com/fatedier/frp/releases/download/v0.54.0/frp_0.54.0_linux_amd64.tar.gz
# Extract the archive and enter the directory
tar -zxvf frp_0.54.0_linux_amd64.tar.gz
cd frp_0.54.0_linux_amd64
  2. Edit frps.toml
sudo vim frps.toml
# https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml

# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
bindAddr = "0.0.0.0"
bindPort = 7000

# udp port used for kcp protocol, it can be same with 'bindPort'.
# if not set, kcp is disabled in frps.
kcpBindPort = 7000

# Configure the web server to enable the dashboard for frps.
# dashboard is available only if webServer.port is set.
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"

# auth.method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
auth.method = "token"

# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]

# auth token
auth.token = "12345678"

# Only allow frpc to bind ports you list. By default, there won't be any limit.
allowPorts = [
  { start = 6000, end = 7000 },
]
  3. Create frps.service so that it starts automatically with the server
sudo vim /etc/systemd/system/frps.service
[Unit]
Description = frp server
After = network.target
Wants = network.target

[Service]
Type = simple
ExecStart = /usr/local/frp_0.54.0_linux_amd64/frps -c /usr/local/frp_0.54.0_linux_amd64/frps.toml

#
ExecStop=/bin/kill $MAINPID
Restart=always
RestartSec=5
[Install]
WantedBy = multi-user.target
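  4. Reload the systemd configuration
sudo systemctl daemon-reload
  5. Start frps.service
sudo systemctl start frps.service
# sudo systemctl stop frps.service // stop the service
# sudo systemctl status frps.service // check whether it started successfully
# sudo systemctl restart frps.service // restart the service after changing any configuration
sudo systemctl enable frps.service # optional (consequences unknown)
  6. From your local machine, check that the dashboard has started (address: cloud server public IP:port)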
x.x.x.x:7500
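
The frps.toml above serves the dashboard on every interface with admin/admin and authenticates frpc with an 8-character token, while ports 7000 and 7500 are reachable from the internet. The script below is an added example, not part of the original post or of frp: it flags those settings in an frps.toml and generates a random auth.token. The function names and the 12- and 32-character thresholds are assumptions of this example, and it only reads flat `key = value` lines like the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit an frps.toml for the
# exposure points in the configuration above. Thresholds are assumptions.

# toml_get FILE KEY: print the value of a flat `KEY = value` line, unquoted.
toml_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# gen_token: 64 hex characters (256 bits) read from /dev/urandom.
gen_token() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# audit_frps FILE: print one line per finding; print nothing if clean.
audit_frps() {
    addr=$(toml_get "$1" webServer.addr)
    port=$(toml_get "$1" webServer.port)
    user=$(toml_get "$1" webServer.user)
    pass=$(toml_get "$1" webServer.password)
    token=$(toml_get "$1" auth.token)
    if [ -n "$port" ]; then   # the dashboard only exists when a port is set
        case $addr in
            0.0.0.0|::) echo "webServer.addr: dashboard on all interfaces ($addr:$port)" ;;
        esac
        if [ "${#pass}" -lt 12 ] || [ "$pass" = "$user" ]; then
            echo "webServer.password: short or same as the user name"
        fi
    fi
    if [ "${#token}" -lt 32 ]; then
        echo "auth.token: ${#token} characters, guessable; use gen_token"
    fi
    return 0
}

# Constructed sample carrying the same values as the frps.toml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
auth.method = "token"
auth.token = "12345678"
EOF
audit_frps "$sample"
rm -f "$sample"
```

The value printed by gen_token has to be set as auth.token in both frps.toml and frpc.toml, since the client presents the same token to the server.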

III. Configuring the frp client

  1. Download frp to the campus server (same steps as above)
  2. Edit frpc.toml
# serverAddr is the cloud server's public IP.
sudo vim frpc.toml
# https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml

# your proxy name will be changed to {user}.{proxy}
user = "your_name"
# user = "ubuntu10.200.64.32"

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single serverAddr field, no need square brackets, like serverAddr = "::".
serverAddr = "x.x.x.x"
serverPort = 7000

# Decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
loginFailExit = true

# console or real logFile path like ./frpc.log
log.to = "./frpc.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3

auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]

# auth token
auth.token = "12345678"

[[proxies]]
# 'ssh' is the unique proxy name
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

  3. Create frpc.service so that it starts automatically with the server

sudo vim /etc/systemd/system/frpc.service
[Unit]
Description = frp client
After = network.target
Wants = network.target

[Service]
Type = simple
ExecStart = /usr/local/frp_0.54.0_linux_amd64/frpc -c /usr/local/frp_0.54.0_linux_amd64/frpc.toml

#
ExecStop=/bin/kill $MAINPID
Restart=always
RestartSec=5
[Install]
WantedBy = multi-user.target
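  4. Reload the systemd configuration
sudo systemctl daemon-reload
  5. Start frpc.service
sudo systemctl start frpc.service
# sudo systemctl stop frpc.service // stop the service
# sudo systemctl status frpc.service // check whether it started successfully
# sudo systemctl restart frpc.service // restart the service after changing any configuration
sudo systemctl enable frpc.service # optional (consequences unknown)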

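IV. Testing

  1. From outside the campus network, connect to the campus server over SSH
# x.x.x.x is the cloud server's public IP,
# roshan is a user name on the campus host! It must not be root.
# The password is the login password of the roshan user on the campus server
ssh -oPort=6000 roshan@x.x.x.x
  2. Passwordless login (optional)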

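If you want to avoid typing the password (the user's login password on the campus server) every time, you can add a key to connect without a password. First generate a key pair locally (skip this step if one already exists).

# -b 4096 means the generated RSA key pair is 4096 bits long (optional parameter)
ssh-keygen -t rsa -b 4096

Then upload the local public key to the campus server. There are two main ways:

  • Automatically:
# On the campus network, x.x.x.x is the campus server's internal IP
ssh-copy-id roshan@x.x.x.x
  • Manually:

Add the contents of the public key file you just generated locally to /root/.ssh/authorized_keys, then edit the configuration file /etc/ssh/sshd_config and set PubkeyAuthentication to yes, which allows logging in with key-based authentication.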
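
The manual route above, written out as an added example that is not part of the original post: it appends the public key only once, rejects a file that is not a public key, and sets the directory and file modes explicitly. The function name `install_pubkey` and the sample key are constructed for this example; SSH_DIR is the .ssh directory of the account you log in as.

```shell
#!/bin/sh
# Added example (not from the original post): the manual key installation
# described above, done idempotently and with the permissions sshd expects.

# install_pubkey SSH_DIR PUBKEY_FILE
# SSH_DIR is the target account's .ssh directory on the campus server.
install_pubkey() {
    dir=$1; pub=$2; auth="$dir/authorized_keys"
    # Accept only a public-key line "<type> <base64> [comment]"; this also
    # stops a private key file from being pasted in by mistake.
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    if [ -z "$key" ]; then
        echo "install_pubkey: no public key found in $pub" >&2
        return 1
    fi
    # With sshd's default StrictModes, keys are ignored when these paths
    # are writable by other users, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo in a scratch directory; the key below is not a real key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedExampleOnly roshan@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"   # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```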

V. Connecting with VS Code Remote (optional)

  1. Add the following to the config file (x.x.x.x is the cloud server's public IP)
Host x.x.x.x
  HostName x.x.x.x
  User roshan
  Port 6000

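VI. Logging in to the campus network from the server's command line (bonus)

  1. View the source of the campus network login page to find the names of the fields to submit
  2. The basic command is as follows
# Replace ip, student_id and password with the corresponding values
curl 'http://172.16.200.12' -d "DDDDD=student_id&upass=password&0MKKey="
  3. Test whether it worked
ping www.baidu.com

If you get the error "name or service not known", add the following two lines to the resolv.conf file; they are the primary and the alternate DNS server respectively.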

sudo vim /etc/resolv.conf
nameserver 8.8.8.8
nameserver 114.114.114.114
  4. Check the URL of the page shown after logging out (untested)
curl 'http://172.16.200.12/F.htm'
