将 frps 及 frps.ini 放到具有公网 IP 的机器上。
将 frpc 及 frpc.ini 放到处于内网环境的机器上。
通过 ssh 访问公司内网机器
- 修改 frps.ini 文件,这里使用了最简化的配置,设置了 frp 服务器端接收客户端流量的端口:
# frps.ini [common] bind_port = 7000
- 启动 frps:
./frps -c ./frps.ini
- 修改 frpc.ini 文件,假设 frps 所在服务器的公网 IP 为 x.x.x.x:
# frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000
注意,local_port(客户端侦听)和 remote_port(服务器端暴露)是用来出入 frp 系统的两端,server_port 则是服务器用来与客户端通讯的。
- 启动 frpc:
./frpc -c ./frpc.ini
- 通过 ssh 访问内网机器,假设用户名为 root:
[root@iZbp145axkc98giot5b448Z ~]# ssh -oPort=6000 root@xxxxxxxx The authenticity of host '[xxxxxxxx]:6000 ([xxxxxxxx]:6000)' can't be established. ECDSA key fingerprint is SHA256:1yHUa+RUgkHbNQ4znmazqK+Ogboet+f6pplQBSF7oos. ECDSA key fingerprint is MD5:a7:d9:f4:94:0f:17:01:d8:3c:33:0f:fc:38:bb:67:fb. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[xxxxxxxx]:6000' (ECDSA) to the list of known hosts. root@xxxxxxxx's password: Last login: Thu May 7 22:42:36 2020 from 192.168.180.1 [root@192 ~]#