
ssh | OpenSSH - with TCP port forwarding | SSH forwarding data over TCP | SSH tunnel


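This will be a bit long-winded.
A problem found during a packet capture
tcpdump -vvv -X -n -i any -s0 host "xx.xx.xx.xx" and port 22 -w xxx.pcap
Then I found a problem in the data. As everyone knows, ssh transfers data in encrypted form, so ssh is also used as a tunnel for communication.
Then, in the captured data, I found some TCP protocol packets. I analysed these packets and they were all connection-establishment packets, so I then turned to Google.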
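To see the same split in a capture written by the tcpdump command above, the following added example (not code from the original post) reads a pcap file's bytes and labels each port-22 packet as a TCP handshake packet, the cleartext SSH identification banner, or opaque SSH data. It assumes a little-endian classic pcap with Ethernet or Linux cooked v1 framing and IPv4; the sample capture, addresses, ports and banner are constructed.

```python
import struct

LINK_HDR = {1: 14, 113: 16}  # header bytes: Ethernet, Linux cooked v1 (-i any)

def read_pcap(data):
    """Yield (linktype, frame) from a little-endian classic pcap byte string."""
    magic, *_, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack("<I", data[off + 8:off + 12])[0]
        yield linktype, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def classify(linktype, frame):
    """Label one IPv4/TCP frame: handshake flag, cleartext banner, or ssh-data."""
    ip = frame[LINK_HDR[linktype]:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    flags, payload = tcp[13], tcp[(tcp[12] >> 4) * 4:]
    if flags & 0x02:
        return "SYN-ACK" if flags & 0x10 else "SYN"
    if flags & 0x01:
        return "FIN"
    if not payload:
        return "ACK"
    # After the banner come binary SSH packets, encrypted once keys are agreed.
    return "banner" if payload.startswith(b"SSH-") else "ssh-data"

def summarize(data):
    return [classify(lt, fr) for lt, fr in read_pcap(data)]

def _frame(flags, payload=b"", sport=50000, dport=22):
    """Constructed sample frame: zeroed cooked header + IPv4 + TCP."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp
    return b"\x00" * 16 + ip

def sample_pcap():
    """Constructed capture: three-way handshake, banner, one opaque record."""
    frames = [_frame(0x02), _frame(0x12, sport=22, dport=50000), _frame(0x10),
              _frame(0x18, b"SSH-2.0-Example_1.0\r\n"),
              _frame(0x18, bytes(range(200, 232)))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, pass the file's bytes to `summarize()`; the TCP headers and the banner are always readable, while the forwarded application data only ever appears as `ssh-data`.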

OpenSSH provides TCP port forwarding, also known as tunnelling, which allows other TCP applications to forward their network data over a secure SSH connection. In other words, existing TCP applications that do not encrypt their data before sending it across the network can send their network traffic through an SSH channel, thereby securing it.

Without TCP forwarding, an application’s client connects directly to its server across the network, as shown in Figure 1. To use port forwarding, an existing SSH session must exist.

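A simple, crude way to understand it: this is the principle at work when we use ssh to operate a Linux machine. For communication between processes, the local client is on port 2001 and the TCP server is on port 27, and while the data is in transit it uses the ssh tunnel on port 22.
So when the focus is on the ssh tunnel, the data forwarding is TCP forwarding.

It seems that understanding this is not of much use either.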


####################################################
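One thing to note: if the real content of the packets is not encrypted, anyone can see it, which is what we often call "dancing shirtless". Also, although a packet capture gives you the raw data, for example displayed in hexadecimal, you do not know what that data means once it is decoded.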

###################################################
How SSH communication works: the flow

Authentication
The first step is that the SSH server and client authenticate themselves to one another. The server sends a certificate to the client to verify that it is the correct server. When making contact, there is the risk that a third party will get between the two participants and therefore intercept the connection. Since the certificate itself is also encrypted, it cannot be imitated. Once the client knows what the correct certificate is, no third parties can contact the relevant server.

After server authentication, however, the client must also identify itself as being authorized to access the server. A password can be used for this purpose. This (or the encrypted hash value of it) is stored on the server. As a result, users must enter their password each time they log onto a different server during the same session. For this reason, there is an alternative method of client-side authentication using a key pair: a public key and a private key.

The private key is created individually for your own computer and secured with a passphrase that should be longer than a typical password. The private key is stored exclusively on your own computer and always remains secret. If you want to establish an SSH connection, just enter the passphrase and you will gain access to the private key.

There are also public keys on the server (just like on the client itself). The server creates a cryptographic problem with its public key and sends this to the client. The client then decrypts the problem with its own private key, sends the solution back, and informs the server that it is allowed to establish a legitimate connection.

During a session, you only need to enter the passphrase once to connect to any number of servers. At the end of the session, users should log off from their local computers to ensure that no third party with physical access to the local computer can connect to the server.

Encryption
After mutual authentication, the two communication participants establish an encrypted connection. To do this, a key is generated for the session, which expires when the session is over. This is not to be confused with the public/private key pairs, which are only used for key exchange. The key used for symmetric encryption is only valid for this one session. Both client and server have the same key, so any messages that are exchanged can be encrypted and decrypted. Client and server create the key simultaneously, but independently of one another. In the so-called key exchange algorithm, both parties use certain public and secret information to create the key.

Another form of encryption takes place in SSH through hashing. A hash is a form of signature for the transmitted data. An algorithm generates a unique hash from the data. If data is manipulated, the hash value changes automatically. This way the recipient can know whether data has been changed by third parties along the way. The hash values are designed in such a way that they cannot be easily simulated. It’s not possible to create two different transmissions with the same hash – this is known as collision protection.
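The integrity check described above is carried out in SSH with a keyed MAC computed over the packet sequence number and the packet (RFC 4253, section 6.4). The following added example, which is not part of the original article, shows a receiver detecting a modified packet and a packet replayed at the wrong sequence number; it uses HMAC-SHA-256, leaves out SSH packet framing and encryption, and the key and payload are constructed.

```python
import hashlib
import hmac
import struct

def ssh_mac(key, seq, packet):
    """RFC 4253 6.4: mac = MAC(key, sequence_number || unencrypted_packet)."""
    return hmac.new(key, struct.pack("!I", seq & 0xFFFFFFFF) + packet,
                    hashlib.sha256).digest()

def seal(key, seq, packet):
    """Sender side: append the MAC to the packet."""
    return packet + ssh_mac(key, seq, packet)

def open_packet(key, seq, wire):
    """Receiver side: return the packet, or None if the MAC does not verify."""
    packet, tag = wire[:-32], wire[-32:]
    if not hmac.compare_digest(tag, ssh_mac(key, seq, packet)):
        return None
    return packet

def demo():
    key = bytes(range(32))                   # constructed session integrity key
    wire = seal(key, 7, b"ls -l /srv\n")     # constructed payload, sequence 7
    flipped = bytes([wire[0] ^ 0x01]) + wire[1:]  # one bit changed in transit
    return (open_packet(key, 7, wire),       # intact packet verifies
            open_packet(key, 7, flipped),    # modification is detected
            open_packet(key, 8, wire))       # wrong sequence number is rejected
```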

SSH ports
TCP ports are endpoints that open servers and clients to enable communication. As with a port, the communication partners receive and send the data packets via these ports. TCP has an address space of 16 bits and therefore 65535 ports are available. However, the Internet Assigned Numbers Authority (IANA) has assigned a number of ports (exactly 1024) for certain applications, including the SSH port. By default, all SSH connections run on port 22.
