Friday, September 16, 2016

ssh tunnel

Modified 20160916

Purpose

Demonstrate creating an SSH tunnel connection from Linux and from PuTTY on Windows

Topology


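The local host needs to establish an SSH tunnel on the forward host and connect through it to the remote host
The local host must be able to establish an SSH connection to the forward host
The local host picks a port on itself to serve as the tunnel
Choose the remote host's IP and port

Once this is done, the local host uses its own port to connect to the remote host's IP and port; the remote host only sees the forward host establishing a connection with it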


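Windows/Linux (Unix) implementation

Using Windows 10, PuTTY, IP 10.10.10.10

1. PuTTY -> Category -> Connection -> SSH -> Tunnels
Source port 22222 is the port created on the local host
Destination 10.10.9.2:22 is the remote host IP and port to connect to

2. The local host establishes a connection with the forward host 10.10.10.22

3. The SSH tunnel is now established

4. Use the SSH tunnel to make an SSH connection to the remote host

5. Verification: on the remote host, the login IP shown is 10.10.9.1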

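Using a MacBook, Terminal, IP 10.10.10.1

1. -N does not execute a remote command, meaning there is no need to operate on the forward host
-f runs in the background
-L is followed by the IP and port settings
Full command: ssh -N -f -L [local port]:[remote ip]:[remote port] [forward host]

Verification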
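A complementary check on the local host, as an added example that is not part of the original post: the port chosen for -L should normally listen on loopback only, otherwise other machines on the network can also reach the remote host through the tunnel. The script assumes a Linux host with iproute2 `ss`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ssh client forwards (-L listeners) that accept
# connections from other hosts instead of from loopback only.

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
LISTEN 0 128 127.0.0.1:22222 0.0.0.0:* users:(("ssh",pid=4321,fd=5))
LISTEN 0 128 [::1]:22222 [::]:* users:(("ssh",pid=4321,fd=4))
LISTEN 0 128 0.0.0.0:22223 0.0.0.0:* users:(("ssh",pid=4400,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
LISTEN 0 128 10.10.10.1:8080 0.0.0.0:* users:(("ssh",pid=4410,fd=6))
EOF
}

# Reads `ss -tlnp` style lines on stdin and prints "address:port pid" for
# every listener owned by the ssh client (not sshd) that is bound to
# something other than 127.0.0.0/8 or [::1].
exposed_forwards() {
    awk '
    $1 == "LISTEN" && $NF ~ /\(\("ssh",/ {
        addr = $4
        # Loopback-only forwards are the default and are not reported.
        if (addr ~ /^127\./ || addr ~ /^\[::1\]:/) next
        pid = $NF
        sub(/.*pid=/, "", pid)   # drop everything up to the pid value
        sub(/,.*/, "", pid)      # drop the trailing ",fd=..." part
        print addr, pid
    }'
}

# Demo on the constructed sample; prints the two non-loopback forwards.
sample_ss | exposed_forwards
```

On a live host, run `ss -H -tlnp | exposed_forwards` as the user who owns the tunnels (or as root) so that the process column is populated.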



Monday, September 12, 2016

chattr lsattr

Updated 20160912
Source: man chattr
chattr [ -RVf ] [+-=[aAcCdDeijsStTu]] file

-R     Recursively change attributes of directories and their contents.

-V     Be verbose with chattr's output and print the program version.

-f     Suppress most error messages.

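Attributes
a: data can only be appended to the file; it cannot be overwritten or deleted.


A: reading the file does not update its atime, which reduces the number of disk accesses.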



c: the file is automatically compressed on the disk by the kernel.
C: the file will not be subject to copy-on-write updates.
d: the file is not a candidate for backup.
D: the file's changes are written synchronously on the disk.
e: the file is using extents for mapping the blocks on disk.
E: used by the experimental encryption patches to indicate that the file has been encrypted.

The 'h' attribute indicates the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors, and means that the file is (or at one time was) larger than 2TB.
A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file.
A file with the 'j' attribute has all of its data written to the ext3 or ext4 journal before being written to the file itself
A file with the 'N' attribute set indicates that the file has data stored inline, within the inode itself.
A directory with the 'P' attribute set will enforce a hierarchical structure for project id's.
When a file with the 's' attribute set is deleted, its blocks are zeroed and written back to the disk. 
When a file with the 'S' attribute set is modified, the changes are written synchronously on the disk;
A file with the 't' attribute will not have a partial block fragment at the end of the file merged with other files (for those filesystems which support tail-merging). 
A directory with the 'T' attribute will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator.
When a file with the 'u' attribute set is deleted, its contents are saved. 
The 'X' attribute is used by the experimental compression patches to indicate that the raw contents of a compressed file can be accessed directly.
The 'Z' attribute is used by the experimental compression patches to indicate a compressed file is dirty.