安裝
apt install -y nginx libnginx-mod-stream
建立 NGINX 憑證
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
編輯 /etc/nginx/nginx.conf 加入
stream {
server {
listen 443 ssl; # Or 80 for HTTP
proxy_pass ssh_backend;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
#加密方式
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
}
upstream ssh_backend {
server 127.0.0.1:22; # Or the actual SSH server IP and port
}
}
編輯 /etc/nginx/nginx.conf
設定 HTTP Options
server_tokens off;
編輯 /etc/ssh/sshd_config 加入
DebianBanner no
連線方式
ssh -o ProxyCommand="openssl s_client -servername localhost -connect <nginx server>:443 2>&1" root@l -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
ssh -o ProxyCommand="openssl s_client -connect <nginx server>:443 2>&1" user@ -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
沒有留言:
張貼留言