我在我的linux机器上使用了很多SSH隧道来连接不同的服务器(用于连接数据库、Web服务器等),如果能通过shell脚本来查看当前开放的隧道列表,那将会非常方便。
我可以通过netstat上的grep来识别本地连接,大致如下。
netstat -n --protocol inet | grep ':22'
但这并不能显示远程端口的连接(显然包括标准的SSH连接,而不是隧道连接)
更新 。答案是好的,但不能显示我连接的远程端口。例如,我经常有一个连接到mysql的隧道,比如localhost:3308映射到服务器上的:3306。通常我可以通过我选择的本地端口来猜测,但如果能同时访问两个端口就更好了。
有什么办法吗?
如果你只想列出ssh创建的隧道。
% sudo lsof -i -n | egrep '\<ssh\>'
ssh 19749 user 3u IPv4 148088244 TCP x.x.x.x:39689->y.y.y.y:22 (ESTABLISHED)
ssh 19749 user 4u IPv6 148088282 TCP [::1]:9090 (LISTEN)
ssh 19749 user 5u IPv4 148088283 TCP 127.0.0.1:9090 (LISTEN)
(这将是一个-L 9090:localhost:80隧道)
如果你想查看sshd所创建的隧道/连接:
% sudo lsof -i -n | egrep '\<sshd\>'
sshd 15767 root 3u IPv4 147401205 TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd 15842 user 3u IPv4 147401205 TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd 15842 user 9u IPv4 148002889 TCP 127.0.0.1:33999->127.0.0.1:www (ESTABLISHED)
sshd 1396 user 9u IPv4 148056581 TCP 127.0.0.1:5000 (LISTEN)
sshd 25936 root 3u IPv4 143971728 TCP *:22 (LISTEN)
ssh-daemon在端口22上监听(最后一行),2个子进程被生成(前两行,"用户 “的登录),一个在端口5000上创建的-R隧道,和一个从我的(本地)机器转发到localhost:80(www)的-L隧道。
netstat -tpln | grep ssh
EDIT: @akira评论的例子。
(header added, tested on Debian wheezy)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1443 0.0.0.0:* LISTEN 4036/ssh
这可以理解为。SSH(不是SSHd)正在监听本地TCP端口1443。
这是这个问题在google上的顶级结果,所以我把我的答案放在这里。我熬夜过滤结果,得出了一个很长的复杂命令,只显示你的反向ssh隧道,格式如下。
publicipaddress:remoteeforwardedport
下面是代码,我运行的是Ubuntu Server 12. 我正在运行反向ssh隧道,将本地端口5900转发到我的公共ssh服务器上,而这个命令可以显示我所有的公共IP地址和远程端口。
sudo lsof -i -n | egrep '\<sshd\>' | grep -v ":ssh" | grep LISTEN | sed 1~2d | awk '{ print $2}' | while read line; do sudo lsof -i -n | egrep $line | sed 3~3d | sed 's/.*->//' | sed 's/:......*(ESTABLISHED)//' | sed 's/.*://' | sed 's/(.*//' | sed 'N;s/\n/:/' 2>&1 ;done
report_local_port_forwardings() {
# -a ands the selection criteria (default is or)
# -i4 limits to ipv4 internet files
# -P inhibits the conversion of port numbers to port names
# -c /regex/ limits to commands matching the regex
# -u$USER limits to processes owned by $USER
# http://man7.org/linux/man-pages/man8/lsof.8.html
# https://stackoverflow.com/q/34032299
echo
echo "LOCAL PORT FORWARDING"
echo
echo "You set up the following local port forwardings:"
echo
lsof -a -i4 -P -c '/^ssh$/' -u$USER -s TCP:LISTEN
echo
echo "The processes that set up these forwardings are:"
echo
ps -f -p $(lsof -t -a -i4 -P -c '/^ssh$/' -u$USER -s TCP:LISTEN)
}
report_remote_port_forwardings() {
echo
echo "REMOTE PORT FORWARDING"
echo
echo "You set up the following remote port forwardings:"
echo
ps -f -p $(lsof -t -a -i -c '/^ssh$/' -u$USER -s TCP:ESTABLISHED) | awk '
NR == 1 || /R (\S+:)?[[:digit:]]+:\S+:[[:digit:]]+.*/
'
}
report_local_port_forwardings
report_remote_port_forwardings
样本输出。
LOCAL PORT FORWARDING
You set up the following local port forwardings:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 10086 user 7u IPv4 1924960 0t0 TCP localhost:2301 (LISTEN)
ssh 10086 user 9u IPv4 1924964 0t0 TCP localhost:2380 (LISTEN)
ssh 10086 user 11u IPv4 1924968 0t0 TCP localhost:2381 (LISTEN)
The processes that set up these forwardings are:
UID PID PPID C STIME TTY TIME CMD
user 10086 7074 0 13:05 pts/21 00:00:00 ssh -N ssh.example.com
REMOTE PORT FORWARDING
You set up the following remote port forwardings:
UID PID PPID C STIME TTY STAT TIME CMD
user 7570 30953 0 11:14 pts/18 S 0:00 ssh -N -R 9000:localhost:3000 ssh.example.com
/sbin/ip tunnel list # replacement for the deprecated iptunnel command
#!/bin/csh -f echo SSH Tunnels Connected echo foreach f (`netstat -an -p | grep tcp | grep sshd | grep -v :: | grep -v 0:22 | grep LISTEN | cut -d" " -f45- | cut -d"/" -f1`) set ip = `netstat -an -p | grep tcp | grep sshd | grep -v :: | grep -v 0:22 | grep ESTABLISH | grep $f | cut -d" " -f20- | cut -d":" -f1` #set h = `grep -a "$ip" /htdocs/impsip.html | grep br | cut -d" " -f2` echo -n "$ip " echo `netstat -an -p | grep tcp | grep sshd | grep -v :: | grep -v 0:22 | grep LISTEN | grep $f | cut -d":" -f2 | cut -d" " -f1` #echo " $h" end