fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0

[STCP ssh gateway INFO] - Information about Usage Secret_TCP/Visitors through ssh gateway #4556

Open fabiopierrisynclab opened 2 days ago

fabiopierrisynclab commented 2 days ago

Bug Description

Hi @fatedier, I'm trying to set up an stcp tunnel with frp via the ssh gateway. On machine A I started frp with the following command to forward ssh port 22:

ssh -p 2222 -R :80:127.0.0.1:22 v0@frp.mydomain.link stcp -n="test-22-ssh-secret" --sk=abc --allow-users="*" -u=ssh -t=mytoken

Frp starts with:

frp (via SSH) (Ctrl+C to quit)

User: ssh
ProxyName: ssh.test-22-ssh-secret
Type: stcp
RemoteAddress: 

Note: RemoteAddress is empty... Is that correct?

Furthermore, the problem is that I haven't quite understood how to start the frp ssh tunnel as a visitor to connect to machine A. I tried to forward the remote port (22) to local port (9000):

ssh -p 2222 -L localhost:9000:127.0.0.1:22 v0@frp.mydomain.link stcp -n="test-22-ssh-secret" --sk=abc -u=ssh -t=mytoken

The connection fails.

Could you kindly explain to me how to use the ssh gateway to configure stcp (secret_ssh and visitors) on both machine A and machine B? What I want to get is the equivalent of this toml configuration in stcp ssh gateway for machine A and B:

[[proxies]]
name = "secret-tcp"
type = "stcp"
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
allowUsers = ["*"]

Machine B

[[visitors]]
name = "tcp-visitor"
type = "stcp"
serverName = "secret-tcp"
secretKey = "abcdefg"
bindAddr = "127.0.0.1"
bindPort = 9000

Can you show me the complete commands?

Machine A (stcp secret_ssh): ssh command=??
Machine B (stcp visitors): ssh command=??

frpc Version

0.61.0

frps Version

0.61.0

System Architecture

linux/amd64

Configurations

frps configuration:

bindPort = 7835
kcpBindPort = 6000
quicBindPort = 7000
sshTunnelGateway.bindPort = 2222

bindAddr = "0.0.0.0"
proxyBindAddr = "0.0.0.0"

transport.maxPoolCount = 50

vhostHTTPPort = 8080

vhostHTTPTimeout = 7200

webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "mytoken"

auth.method = "token"
auth.token = "mytoken"

subDomainHost = "frp.mydomain.link "

Logs

No response

Steps to reproduce

  1. ...

Affected area

fatedier commented 1 day ago

The SSH gateway method does not support being used as a visitor client.

fabiopierrisynclab commented 8 hours ago

Ok thanks! Any chance to implement this feature? It would be great to have the whole secret/visitors loop available via ssh.

fatedier commented 5 hours ago

It's relatively complex, and there are currently no plans to support it.