[fatedier/frp] HTTP and WS services tunnel successfully, but SSH cannot connect

2024-01-04 680 views
8

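After setting up the frp service, SSH connections over the public network fail.

The client starts successfully, and the mapped HTTP and WS services open normally.

Only the SSH connection over the public network fails.

The server is on Alibaba Cloud, and the security group has ports 37000-47000 open.

The firewall on the client machine in the internal network has also been opened.

There is no other log output.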

frpc Version

0.47.0

frps Version

0.47.0

System Architecture

linux/amd64

Configurations

Server configuration

[common]
bind_port = 37000
vhost_http_port = 38080
token =xxxxxxxxxxxxxxxx
; log_file = /frps/frp_0.47.0_linux_amd64/log.txt

Client configuration

[common]
server_addr = xx.xx.xx.xx
server_port = 37000
token = xxxxxxxxxxxxxxxx

; Map the SSH service
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 37600 ; the port must be unique per machine

; ; Map the web service
[web]
type = http
use_gzip = true
use_compression = true
local_port = 9696
custom_domains = frp60.xx.com

; ; Map the WS service
[ws]
type = http
local_port = 9698
custom_domains = ws_frp60.xx.com

Logs

SSH terminal output

C:\Users\admin>ssh -p 37600 root@xx.xx.xx.xx
ssh: connect to host xx.xx.xx.xx port 37600: Connection refused

Client log

2023/02/16 18:57:55 [I] [service.go:299] [67fa37d658a4576f] login to server success, get run id [67fa37d658a4576f], server udp port [0]
2023/02/16 18:57:55 [I] [proxy_manager.go:142] [67fa37d658a4576f] proxy added: [web ws ssh]
2023/02/16 18:57:55 [I] [control.go:172] [67fa37d658a4576f] [web] start proxy success
2023/02/16 18:57:55 [I] [control.go:172] [67fa37d658a4576f] [ssh] start proxy success
2023/02/16 18:57:55 [I] [control.go:172] [67fa37d658a4576f] [ws] start proxy success

Server log

2023/02/16 19:06:43 [I] [root.go:206] frps uses config file: frps.ini
2023/02/16 19:06:44 [I] [service.go:200] frps tcp listen on 0.0.0.0:37000
2023/02/16 19:06:44 [I] [service.go:261] http service listen on 0.0.0.0:38080
2023/02/16 19:06:44 [I] [root.go:215] frps started successfully
2023/02/16 19:07:52 [I] [service.go:500] [f97d1149272b5474] client login info: ip [113.88.112.94:12708] version [0.47.0] hostname [] os [linux] arch [amd64]
2023/02/16 19:07:52 [I] [http.go:95] [f97d1149272b5474] [ws] http proxy listen for host [ws_frp60.xx.com] location [] group [], routeByHTTPUser []
2023/02/16 19:07:52 [I] [control.go:464] [f97d1149272b5474] new proxy [ws] type [http] success
2023/02/16 19:07:52 [I] [tcp.go:66] [f97d1149272b5474] [ssh] tcp proxy listen port [0]
2023/02/16 19:07:52 [I] [control.go:464] [f97d1149272b5474] new proxy [ssh] type [tcp] success
2023/02/16 19:07:52 [I] [http.go:95] [f97d1149272b5474] [web] http proxy listen for host [frp60.xx.com] location [] group [], routeByHTTPUser []
2023/02/16 19:07:52 [I] [control.go:464] [f97d1149272b5474] new proxy [web] type [http] success
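
The frps log above reports `[ssh] tcp proxy listen port [0]`, while frpc.ini requests `remote_port = 37600`. The following is an added example, not part of the original thread or of frp, that compares the two. The sample inputs are constructed excerpts of the quoted config and log, and the function names are hypothetical.

```python
import re

# Constructed samples: excerpts of the frpc.ini and frps log quoted above (comment translated).
FRPC_INI = """\
[ssh]
type = tcp
local_port = 22
remote_port = 37600 ; the port must be unique per machine
"""
FRPS_LOG = """\
2023/02/16 19:07:52 [I] [tcp.go:66] [f97d1149272b5474] [ssh] tcp proxy listen port [0]
2023/02/16 19:07:52 [I] [control.go:464] [f97d1149272b5474] new proxy [ssh] type [tcp] success
"""
LISTEN_RE = re.compile(r"\[([^\]]+)\] tcp proxy listen port \[(\d+)\]")

def requested_ports(ini_text):
    """Map proxy name -> raw remote_port text, read verbatim (nothing stripped)."""
    ports, section = {}, None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section and "=" in line and not line.startswith((";", "#")):
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "remote_port":
                ports[section] = value
    return ports

def bound_ports(log_text):
    """Map proxy name -> port number that frps logged for its TCP listener."""
    return {name: int(port) for name, port in LISTEN_RE.findall(log_text)}

def check(ini_text, log_text):
    """Return (proxy, issue) pairs where the config and the frps log disagree."""
    findings, bound = [], bound_ports(log_text)
    for proxy, raw in requested_ports(ini_text).items():
        if not raw.isdigit():
            # Assumption: whether trailing text is dropped depends on the INI parser.
            findings.append((proxy, f"remote_port value {raw!r} is not a bare integer"))
        match = re.match(r"\d+", raw)
        wanted = int(match.group()) if match else None
        if proxy not in bound:
            findings.append((proxy, "no tcp listener logged by frps"))
        elif bound[proxy] != wanted:
            findings.append((proxy, f"requested {wanted}, frps logged {bound[proxy]}"))
    return findings

if __name__ == "__main__":
    print(check(FRPC_INI, FRPS_LOG))
```

A mismatch here means the port the SSH client dials is not the one frps says it opened, which is worth confirming before looking at firewalls or security groups.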

Answers

5

Check whether SSH on the client machine running frpc can be reached locally, and whether it is bound to port 22.

lsof -i:22
ssh root@127.0.0.1

4

The SSH service is working normally.

lsof -i:22

root@pc-MS-7D17:~# lsof -i:22
COMMAND     PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
sshd        976 root    3u  IPv4     26082      0t0  TCP *:ssh (LISTEN)
sshd        976 root    4u  IPv6     26084      0t0  TCP *:ssh (LISTEN)
sshd     900943 root    4u  IPv4 410052413      0t0  TCP pc-MS-7D17:ssh->192.168.18.74:63957 (ESTABLISHED)
...

ssh root@127.0.0.1

root@pc-MS-7D17:~# ssh root@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:rtyPGkXvPngYcuhzSR1fv2v4NUxY6l5gOQV4IsXnp1Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
root@127.0.0.1's password: 
Welcome to Ubuntu 21.04 (GNU/Linux 5.11.0-49-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

62 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Last login: Mon Feb 20 09:54:44 2023 from 192.168.18.119

2

Try using ssh -vvv on the client machine that cannot connect, to output more information.

8

Result

C:\Users\13710>ssh -vvv
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]

5

I expressed myself badly.

What I meant was to use ssh -vvv in place of the ssh command.

4

Oh, I see, understood.

pc@pc-MS-7D17:~$ ssh -vvv -p 37600 root@127.0.0.1
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1[127.0.0.1] port 37600.
debug1: connect to address 127.0.0.1 port 37600: Connection refused
ssh: connect to host 127.0.0.1 port 37600: Connection refused