Achieve intranet penetration and remote development with vscode remote SSH plug-in and Sakura Frp

  • Recently, the group was equipped with a computer that has better performance than my notebook, especially its 3080Ti graphics card. It would be a pity not to make the best use of it, so I installed the sunflower remote software immediately after I got it. I felt it was OK, but it was always a little laggy. I couldn't write code or anything; at most I could watch the program run.
  • Today, a classmate taught me how to use vscode to connect to the servers in the group. Suddenly, I felt very good. By connecting through a plug-in, I could write programs almost like local development and enjoy high performance. So I tinkered for a few hours tonight and set everything up.
  • Both systems are Win10

1. Establish an SSH connection

1.1 Installing OpenSSH components

  • Win10 now ships its own OpenSSH server and client. In the past two years the OpenSSH client has even been preinstalled, so it is much more convenient.
    1. Taskbar search: Apps -> Optional features -> Installed features (make sure OpenSSH Client is installed) -> Add a feature (install OpenSSH Server)

    2. Taskbar search: Services -> find OpenSSH SSH Server and OpenSSH Authentication Agent -> start the services and set them to Automatic

    3. Open PowerShell and check the installation and running state with the following commands

      Get-Service sshd                                            # Check if the server is already running
      Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'     # Check that the components are installed

      Under normal conditions the output is as follows (in theory, the remote host only installs OpenSSH SSH Server, and the client only installs OpenSSH Authentication Agent)

1.2 Server configuration

  • The remote host is the server. Open PowerShell as an administrator and enter the following commands to start the sshd service and configure it
    Start-Service sshd
    # OPTIONAL but recommended: start sshd automatically at boot
    Set-Service -Name sshd -StartupType 'Automatic'
    # Confirm the firewall rule is configured. It should be created automatically by setup.
    # There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
    Get-NetFirewallRule -Name *ssh*
    # Only if no such firewall rule exists, create one
    if (-not (Get-NetFirewallRule -Name *ssh* -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
    }
  • After this, the server listens on port 22 and waits for clients to connect

1.3 Connecting clients

  • Theoretically, if the Server and Client are connected to the same LAN, such as the same wifi, the same hotspot and the same router (wired), the Client should already be able to discover and connect to the Server

    1. Open PowerShell as an administrator and enter the following command
      ssh username@servername -p port
      1. username: the server user name, which is XXXX in the path C:\Users\XXXX. It is the name you see when you enter the password at startup
      2. servername: some people say it is the computer name of the server, which is the "device name" under System -> About, but it seems that this did not work very well in my own test. Just write the IP address of the server. If both machines are in the same LAN, run ipconfig in cmd, find the IPv4 address and use it
      3. -p port: the port to connect to. If omitted, port 22 is used by default. The ssh command also provides many other options, shown below, which can be set as required
        usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
                   [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
                   [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
                   [-i identity_file] [-J [user@]host[:port]] [-L address]
                   [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
                   [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
                   [-w local_tun[:remote_tun]] destination [command]
    2. If everything is normal, the client will respond. For each new server connected for the first time, the client displays the following message
      The authenticity of host 'servername (' can't be established.
      ECDSA key fingerprint is SHA256:(<a large string>).
      Are you sure you want to continue connecting (yes/no)?
      Enter yes and press enter, which will add this server to the list of known ssh remote hosts of this client
    3. You will then be asked for a password. This is the server account's password, the one you enter when signing in after the server is turned on. Enter it and the connection is complete
  • After connecting, the default shell is the server's Windows command line interpreter (cmd). If you don't like cmd, you can

    1. Set the default shell to the server's PowerShell
      New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
    2. Set the default shell to the server's Git Bash (the path below assumes Git for Windows is installed in its default location; adjust it if yours differs)
      New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\Git\bin\bash.exe" -PropertyType String -Force
  • To exit and return to the client, enter exit and press enter

2. Connect using a key

  • With the connection method just described, the last step in Section 1.3 requires you to enter the account password of the server. If you don't want to type it every time, you can connect with a key instead
  • This key works exactly like the SSH public/private key pair used with GitHub. The key generation command produces a matching pair of public and private keys. The private key is equivalent to the password, so keep it safe. The public key is equivalent to a lock: it is placed directly on the server without protection, and this does not affect security. Only the matching private key can open the corresponding public key and let you into the server
  • The entire configuration and connection process is as follows
    1. Go to the username\.ssh path and use the following command to generate the key
    2. Next, you will be prompted for a path to save the key. If you enter nothing, the default private key name id_rsa is used, together with its public key. If you have a GitHub repository, be careful: if you just press Enter, your GitHub key will be overwritten.
      Generating public/private rsa key pair.
      Enter file in which to save the key (C:\Users\username\.ssh\id_rsa):
    3. Then you are asked to enter a passphrase. When you connect later, you will be asked for this key passphrase instead of the password of the server account. If you enter it correctly, you go straight to the server; if you enter it incorrectly, you stay at this prompt until you get it right, and after that you also have to enter the server account password to connect. The passphrase can also be left empty: just press Enter
      Enter passphrase (empty for no passphrase): 
      Enter same passphrase again: 
      Your identification has been saved in C:\Users\username\.ssh\id_rsa.
      Your public key has been saved in C:\Users\username\.ssh\
      The key fingerprint is: 
      SHA256:OIzc1yE7joL2Bzy8!gS0j8eGK7bYaH1FmF3sDuMeSj8 username@server@LOCAL-HOSTNAME
      The key's randomart image is:
      +--[RSA 2048]--+
      |        .        |
      |         o       |
      |    . + + .      |
      |   o B * = .     |
      |   o= B S .      |
      |   .=B O o       |
      |  + =+% o        |
      | *oo.O.E         |
      |+.o+=o. .        |
    4. After the key is generated, the file with the .pub suffix is the public key. Next, put it on the server: open the public key with Notepad, copy its content and send it to the remote host, paste it into a .txt file there, delete the suffix, rename the file to authorized_keys, and put it in the username\.ssh path
    5. On the server, open PowerShell as an administrator and execute the command
      notepad C:\ProgramData\ssh\sshd_config
      The file opens in Notepad; comment out the last two lines and save
      #Match Group administrators
      #       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
    6. Finally, taskbar search: Services -> find OpenSSH SSH Server -> restart the service. The client can then log in to the remote server through public key authentication
  • After the configuration is completed, use the following command on the client to connect
    ssh username@servername -p port -i id_rsa
    Note that id_rsa here is the path to the client's private key
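
The key setup described above as commands, added here as an example (it is not part of the original post). It assumes Windows PowerShell on both machines; the file name id_rsa_lab and the values of $user, $server and $port are placeholders to replace.

```powershell
# ---- On the client -------------------------------------------------------
$user = 'username'; $server = 'servername'; $port = 22     # placeholders
# id_rsa_lab is a hypothetical name, chosen so that an existing id_rsa
# (for example the one registered with GitHub) is never overwritten.
$sshDir = Join-Path $env:USERPROFILE '.ssh'
$key    = Join-Path $sshDir 'id_rsa_lab'
New-Item -ItemType Directory -Force -Path $sshDir | Out-Null
if (Test-Path $key) { throw "$key already exists, refusing to overwrite it" }

ssh-keygen -t rsa -b 4096 -f $key      # prompts for a passphrase
ssh-keygen -l -f "$key.pub"            # note this fingerprint

# Copy only the .pub file, using the password login from section 1.3.
scp -P $port "$key.pub" "${user}@${server}:id_rsa_lab.pub"

# ---- On the server, signed in as that user -------------------------------
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$authKey = Join-Path $sshDir 'authorized_keys'
$pub     = Join-Path $env:USERPROFILE 'id_rsa_lab.pub'
New-Item -ItemType Directory -Force -Path $sshDir | Out-Null

# Append rather than replace, and write plain ASCII: redirecting with ">"
# in Windows PowerShell produces UTF-16, which sshd cannot parse.
Get-Content $pub | Add-Content -Path $authKey -Encoding ascii
Remove-Item $pub

# Leave access to the account itself and SYSTEM only.
icacls $authKey /inheritance:r /grant "${env:USERNAME}:F" /grant "SYSTEM:F"
ssh-keygen -l -f $authKey              # must list the fingerprint noted above
# For an account in the Administrators group, sshd only reads this file
# after the sshd_config change from step 5.

# ---- Back on the client --------------------------------------------------
# Offer only this key and do not fall back to the password prompt, so a
# broken key setup shows up as a failure instead of being hidden.
ssh -i $key -o IdentitiesOnly=yes -o PreferredAuthentications=publickey -p $port "${user}@${server}"
```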

3. Intranet penetration

  • On the Internet, each computer uses an IP to represent its own address in order to send and receive information. But there are too many computers in the world; in fact, their number has already exceeded the total number of distinct addresses that IPv4 can form. To keep things from breaking down, IPs are divided into intranet IPs and public IPs. Only a public IP can access every IP on the whole Internet; an intranet IP can only access IPs on the public network and in the same intranet. In this way IP addresses can be reused, just as every residential compound has its own Unit 1, Unit 2 and Unit 3
  • Because of this, the method discussed above only works when the server and client are in the same LAN. This is a big problem for me, because only the campus network covers the distance from my dormitory to the laboratory. To keep the remote connection, no matter how fast the network is, I have to keep both machines on the campus network all the time. It is useless when I go home or travel on business.
  • Fortunately, there is another trick: intranet penetration. It requires a public network server, which acts as an intermediary to help us "deliver messages". Here I chose Sakura Frp; the free intranet penetration service it provides works well
  • The following figure shows the public network server I configured. Note that this is configured by downloading software on the OpenSSH server side

    For SSH remote control requirements like mine, you can use a TCP tunnel. The local IP is optional. The local port (that is, the server port) should be set to the default SSH port 22. The remote port I use is 49134, which was randomly assigned. Note that this port must be specified when connecting. Configuring this tunnel also assigns you a public IP. The important parameters are the local port (22), the remote port and the public IP
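
Once the tunnel is up, port 22 of the server is reachable from the whole Internet at the public IP and remote port, so the login should no longer depend on a password. The following is an added example, not part of the original post; it assumes the default Windows OpenSSH paths and that key login from section 2 already works, and $publicIp is a placeholder.

```powershell
# Run in an elevated PowerShell on the server itself (restarting sshd may
# drop SSH sessions that are currently open).
$cfg = 'C:\ProgramData\ssh\sshd_config'
Copy-Item $cfg "$cfg.bak" -Force               # rollback copy

# sshd uses the first value it finds for a keyword, so the overrides go at
# the top of the file, ahead of the defaults and of any Match block.
$overrides = 'PasswordAuthentication no', 'PubkeyAuthentication yes'
$rest      = Get-Content $cfg | Where-Object { $overrides -notcontains $_.Trim() }
Set-Content -Path $cfg -Value ($overrides + $rest) -Encoding ascii
Restart-Service sshd

# Host key fingerprint of this server. The tunnel relays every byte through
# a machine you do not control, so compare this value with the fingerprint
# the client shows on its first connection before answering "yes".
ssh-keygen -l -f C:\ProgramData\ssh\ssh_host_ecdsa_key.pub

# From the client, through the tunnel, a password-only attempt must now end
# in "Permission denied":
#   ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password -p 49134 username@$publicIp

# Review what reaches the port: failed and invalid-user logins, newest first.
# Connections arriving through the tunnel come from the local tunnel client,
# so the source address in these events is not the real remote peer.
Get-WinEvent -LogName 'OpenSSH/Operational' -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Failed password|Invalid user' } |
    Select-Object TimeCreated, Message -First 20
```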

4. Edit the remote project using VSCode

  1. Install the remote SSH plug-in
  2. After installation, an icon appears in the left sidebar, as shown in circle 1. Click it, then click the "+" sign on the left of circle 2 and enter the ssh connection command, such as ssh username@servername -p xxx -i xxx_rsa, in the text box that pops up at the top middle of the screen. After entering the password as prompted, you are connected to the remote host. The connection is also recorded, so afterwards you only need to click the icon shown in circle 2 to connect directly without re-entering the command. Once connected, it is like opening a local project: there is almost no delay, and there are no problems such as display scaling
  3. Click the gear icon to the right of the "+" in the figure above and select C:\Users\xxx\.ssh\config from the options that pop up in the middle to open the remote connection configuration file, shown below
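    # Name shown in VSCode; can be chosen freely
    Host hostname
      # Address to connect to: the server's IP, or the public IP of the tunnel
      HostName servername
      User username
      IdentityFile "C:\Users\username\.ssh\id_rsa"
      # Remote port of the intranet penetration tunnel
      Port 1234
    Here the hostname after Host is the name displayed in vscode and can be chosen freely; HostName is the address of the server to connect to; username is the server user name; Port is where the remote port of the intranet penetration tunnel is written; IdentityFile is the path to the client's private key file. If the settings change, they are easy to modify here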

Tags: ssh Visual Studio Code

Posted on Fri, 15 Oct 2021 19:49:35 -0400 by Donnamabob