Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Intranet equipment connection method and system based on SSH reverse tunnel

A device connection and tunnel connection technology, applied in the computer field, can solve the problems of limiting the maximum number of connections and occupying multiple ports of the bastion machine, so as to prevent scanning and attacks and improve security

Pending Publication Date: 2021-12-31
SHANGHAI HODE INFORMATION TECH CO LTD
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, because a tunnel of traditional SSH is based on one port, when there is a scenario of accessing multiple intranet devices, multiple ports of the bastion machine will be occupied
Usually there is an upper limit (65535) on the number of ports of the bastion host, so the maximum number of connections is limited

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intranet equipment connection method and system based on SSH reverse tunnel
  • Intranet equipment connection method and system based on SSH reverse tunnel
  • Intranet equipment connection method and system based on SSH reverse tunnel

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0073] image 3 A specific flow chart of a method for connecting an intranet device based on an SSH reverse tunnel according to Embodiment 1 of the present application is schematically shown.

[0074] like image 3 As shown, the SSH reverse tunnel-based intranet device connection method may include the following steps S301-S306, wherein:

[0075] Step S301: the external network device 201 sends login information to the internal network proxy server 202.

[0076] Specifically, a proprietary client is installed in the external network device 201; the main functions of the proprietary client include: installing the SSH client and authentication part logic locally on the machine to ensure the normal implementation of the functions; in addition, the proprietary client uses the client-specific There is an agreement to use two-factor authentication when logging in to the intranet proxy server 202, that is, the authentication method of account password + dynamic password. Among the...

Embodiment 2

[0120] Figure 4 Schematically shows a block diagram of an external network device according to Embodiment 2 of the present application. The external network device can be divided into one or more program modules, and one or more program modules are stored in a storage medium and controlled by one or more Executed by multiple processors to complete the embodiment of the present application. The program modules referred to in the embodiments of the present application refer to a series of computer program instruction segments capable of accomplishing specific functions. The following description will specifically introduce the functions of the program modules in the embodiments of the present application.

[0121] like Figure 4 As shown, an internal structure of the above-mentioned external network device 201 may include the following modules: an internal network device connection request sending module 401, an SSH tunnel module 402;

[0122] Wherein, the intranet device con...

Embodiment 3

[0128] Figure 5 Schematically shows a block diagram of an intranet proxy server according to Embodiment 3 of the present application, the intranet proxy server can be divided into one or more program modules, one or more program modules are stored in a storage medium, and Executed by one or more processors to complete the embodiments of the present application. The program modules referred to in the embodiments of the present application refer to a series of computer program instruction segments capable of accomplishing specific functions. The following description will specifically introduce the functions of the program modules in the embodiments of the present application.

[0129] like Figure 5 As shown, an internal structure of the aforementioned intranet proxy server 202 may include: an intranet device connection request receiving module 501 , and an active connection establishment command sending module 502 .

[0130] The internal network device connection request re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides an intranet equipment access method and system based on an SSH reverse tunnel. The method comprises the steps: sending a connection request of intranet equipment to an intranet proxy server, so as to enable the intranet proxy server to send an active connection establishment command to the intranet equipment according to the connection request; and after a request for establishing SSH connection sent by the intranet equipment according to the active connection establishment command is received, multiplexing an SSH reverse tunnel to connect to the intranet equipment. According to the embodiment of the invention, the SSH technology can be adopted to ensure the safety of transmission data, and the number of accessed intranet equipment is not limited by the number of machine ports.

Description

technical field [0001] The embodiments of the present application relate to the field of computer technology, and in particular to a method, system, computer equipment, and computer-readable storage medium for connecting intranet devices based on an SSH reverse tunnel. Background technique [0002] In a specific network (referred to as the intranet), in order to protect the network and data from intrusion and damage from external and internal users, a bastion machine is usually used to monitor and record the servers and network devices in the network using various technical means. , security equipment, database and other equipment operation behaviors, so as to centralize alarm, timely processing and audit to determine responsibility. [0003] At present, a schematic diagram of how an external network device (such as an external network server or an external network terminal) accesses an internal network device, as shown in figure 1 As shown, the external network devices usu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0281H04L63/1441
Inventor 马鑫霖赵冰清刘宇
Owner SHANGHAI HODE INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products