ssh+frp to achieve intranet penetration

Posted by vidyashankara on Sat, 05 Mar 2022 04:32:33 +0100

1, Introduction to frp

frp is a high-performance reverse proxy application that can be used for intranet penetration, that is, for reaching a machine that sits behind NAT. It supports the TCP, UDP, HTTP and HTTPS protocols.

Official documentation: https://gofrp.org/docs/

2, Configuration steps

1. Preparation for the ssh connection

Server: a server that is directly reachable from the external network, for example an Alibaba Cloud or Tencent Cloud server

Client: the intranet machine that needs to be reached from outside

2. Installation steps

Download the frp archive

Download address: https://github.com/fatedier/frp/releases

I use Ubuntu, so I downloaded frp_0.34.3_linux_amd64.tar.gz; choose the package that matches your own machine.

Download and extract the package on both the server and the client

cd /usr/local/
wget https://github.com/fatedier/frp/releases/download/v0.34.3/frp_0.34.3_linux_amd64.tar.gz
tar -zxvf frp_0.34.3_linux_amd64.tar.gz
mv frp_0.34.3_linux_amd64 frp

The extracted directory contains:

  • frpc: client executable
  • frpc_full.ini: all configuration items of the client (you can view all configuration items of frp in this file)
  • frpc.ini: client configuration item
  • frps: server executable
  • frps_full.ini: all configuration items of the server (you can view all configuration items of frp in this file)
  • frps.ini: server configuration item
  • LICENSE: license file

Server configuration

Open the frps.ini file and modify it as follows

[common]
# Port on which the server accepts connections from the client
bind_port = 7000

The default configuration contains only one setting, bind_port = 7000, which means that frps listens on port 7000 of the external network server for connections from the client.

Note: the port can be customized, but the client and the server must use the same value. On Alibaba Cloud servers you need to configure the security group rules in the ECS console to expose port 7000

Start the server

./frps -c frps.ini

After a successful start, closing Xshell or exiting the session stops the process and drops the connection. You can use nohup to start it in the background (the same method can be used for later starts)

The following starts it in the background and writes the log to file.log

nohup ./frps -c ./frps.ini > file.log 2>&1 &

If required, you can configure automatic startup as described at the end of this article

Client configuration

Open the frpc.ini file and modify it as follows

[common]
# Your public IP
server_addr = 39.105.97.50
# Can be customized, but must match bind_port on the server
server_port = 7000

[ssh]
type = tcp
# IP to forward to; 127.0.0.1 means the local machine
local_ip = 127.0.0.1
local_port = 22
# ssh listens on 22 locally; the server exposes it on port 6008
remote_port = 6008

Where:

  • [common] holds the settings shared by the whole client
  • server_addr is the public network IP of our server, that is, the external network server
  • server_port is the bind_port we configured earlier in frps.ini on the server. Both sides need to be consistent
  • [ssh] holds the settings required when we use ssh to connect to the intranet server
  • type is the connection type; tcp is used for ssh connections
  • local_ip is the local IP. You can use 127.0.0.1 directly
  • local_port is the local ssh port; the default ssh port is 22
  • remote_port is the port that the external network server opens for this connection. Note: on an Alibaba Cloud server you need to add port 6008 to the security group rules in the ECS console

Start client

./frpc -c ./frpc.ini

You can now connect through Xshell. You only need to specify the port number as remote_port (6008).

Multiple ssh configurations (optional)

Once a single ssh configuration works, further machines are configured the same way: download frp on another machine and modify only its frpc.ini file. The modified format is as follows

[common]
server_addr = 39.105.97.50
server_port = 7000

# The section name cannot repeat
[ssh001]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# remote_port cannot repeat
remote_port = 6009

remote_port needs to be changed, and the [ssh] section name must not be duplicated

Then start frpc with the same command as before.
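A consistency check for the rules above, as an added example that is not part of the original post or of frp itself: it compares one frps.ini with the frpc.ini of each client and reports a server_port that differs from bind_port, a proxy name or remote_port used twice, and a missing or mismatched token. The token key comes from frp's full configuration reference rather than from this page, the file labels and sample contents are constructed, and values that still carry a trailing # note are flagged because a parser that does not strip inline comments reads the note as part of the value.

```python
import configparser

def load(label, text, findings):
    """Parse legacy frp INI text; flag and strip inline comments left in values."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for section in cp.sections():
        for key, value in list(cp[section].items()):
            if " #" in value or " ;" in value:
                findings.append(f"{label} [{section}] {key}: inline comment in value")
                cp[section][key] = value.split(" #")[0].split(" ;")[0].strip()
    return cp

def audit(frps_text, frpc_texts):
    """Check one frps.ini against the frpc.ini of each client; return findings."""
    findings = []
    server = load("frps.ini", frps_text, findings)["common"]
    if not server.get("token"):  # shared secret; not set in the page's configs
        findings.append("frps.ini [common]: no token, any frpc that reaches bind_port is accepted")
    names, ports = {}, {}  # value -> label of the file that used it first
    for label, text in frpc_texts.items():
        frpc = load(label, text, findings)
        if frpc["common"].get("server_port") != server.get("bind_port"):
            findings.append(f"{label}: server_port does not match bind_port")
        if frpc["common"].get("token") != server.get("token"):
            findings.append(f"{label}: token does not match frps.ini")
        for name in frpc.sections():
            if name == "common":
                continue
            port = frpc[name].get("remote_port")
            for seen, value, what in ((names, name, "proxy name"), (ports, port, "remote_port")):
                if value is None:
                    continue
                if value in seen:
                    findings.append(f"{label} [{name}]: {what} {value} already used by {seen[value]}")
                seen.setdefault(value, label)
    return findings

# Constructed sample files; 203.0.113.10 is a documentation address.
FRPS = "[common]\nbind_port = 7000\n"
FRPC = {
    "host-a/frpc.ini": "[common]\nserver_addr = 203.0.113.10\nserver_port = 7000\n"
                       "[ssh]\ntype = tcp\nlocal_port = 22\nremote_port = 6008 # ssh\n",
    "host-b/frpc.ini": "[common]\nserver_addr = 203.0.113.10\nserver_port = 7001\n"
                       "[ssh]\ntype = tcp\nlocal_port = 22\nremote_port = 6008\n",
}

if __name__ == "__main__":
    print("\n".join(audit(FRPS, FRPC)))
```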

Set frp to start automatically (optional)

Create service file

sudo vim /etc/systemd/system/frpc.service

Fill in the following content

[Unit]
Description=Frp Client
After=network.target
Wants=network.target

[Service]
Restart=on-failure
RestartSec=5
# Absolute paths to the frpc binary and configuration extracted earlier
ExecStart=/usr/local/frp/frpc -c /usr/local/frp/frpc.ini

[Install]
WantedBy=multi-user.target

Service-related operations

# Reload the service list
systemctl daemon-reload
# Enable start at boot
systemctl enable frpc
# Disable start at boot
systemctl disable frpc
# Start the service
systemctl start frpc
# Stop the service
systemctl stop frpc
