Ssh on IT it's FUNhttps://mksit.sknt.ru/tags/ssh/Recent content in Ssh on IT it's FUNHugoruWed, 13 May 2026 00:00:00 +0000SSH tunnelhttps://mksit.sknt.ru/posts/ssh-tunnel/Wed, 13 May 2026 00:00:00 +0000https://mksit.sknt.ru/posts/ssh-tunnel/<p>Туннель из подручных средств, только ssh и немного iptables</p> <p>На сервере</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># vim /etc/ssh/sshd_config</span> </span></span><span class="line"><span class="cl">PermitTunnel yes </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">systemctl restart ssh </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># проверь что модуль tun загружен</span> </span></span><span class="line"><span class="cl">modprobe tun </span></span><span class="line"><span class="cl">lsmod <span class="p">|</span> grep tun </span></span></code></pre></div><p>На клиенте, всё делаем от root</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># подключение</span> </span></span><span class="line"><span class="cl">ssh -w 0:0 root@1.2.3.4 </span></span><span class="line"><span class="cl"><span class="c1"># создаст `tun0` на клиенте и `tun0` на сервере</span> </span></span></code></pre></div><p>На сервере</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># nat, forwarding</span> </span></span><span class="line"><span class="cl">iptables -t nat -A POSTROUTING -s 10.0.0.0/30 -o eth0 -j MASQUERADE </span></span><span class="line"><span class="cl">iptables -A FORWARD -o tun0 -j ACCEPT </span></span><span class="line"><span class="cl">iptables -A FORWARD -i tun0 -j ACCEPT </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">sysctl -w net.ipv4.ip_forward<span class="o">=</span><span class="m">1</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">ip addr add 10.0.0.2/30 peer 10.0.0.1 dev tun0 </span></span><span class="line"><span class="cl">ip link <span class="nb">set</span> tun0 up </span></span></code></pre></div><p>На клиенте</p>