如何通过SSH连接到Android超过3G / 4G Public IP? -- networking 领域 和 ssh 领域 android 相关 的问题

How to connect to Android through SSH over 3G/4G public IP?


简体版||繁體版
7
vote

问题

中文

我有一个Android设备,我想通过3g / 4g连接,我正在拒绝连接。

任何想法如何做到这一点?

english

I am having an Android device and I want to connect in via 3G/4G and I am getting connection refused.

Any ideas how to do that?

     
     
     

回答列表

10
 
vote

如果在Android设备上运行的工作SSH服务器,则可以在本地/专用网络上连接到它,而不存在任何问题(在适当的身份验证设置后显然)。如果您的手机具有真正的公共IP地址(我认为在地球上发生),则可以保持相同的公共网络(互联网)。但是,当您需要交叉网络时,即遍历网关和路由器,涉及网络地址转换。如果您的SSH服务器无法接触到公共IP地址,您将无法从Internet访问您的设备。


nat和pat?
简单的单词,NAT是从私人地址到公共路由的源IP的转换;当IP数据包离开路由器时,他们称之为 - 地址,以便可以使用可识别的IP地址发送数据包。在路由器处收回相同数据包的响应时发生反转。它意味着将本地网络上每个主机(电话,PC等)的私有IP映射到唯一的公共IP。但在通常的情况下,我们只有一个由ISP分配的公共IP。因此端口地址转换出现了行动。 Pat将每个本地IP地址转换为相同的公共IP地址,但使用唯一的端口。

什么是cgnat?
要解决 IP地址短缺,Internet服务提供商还执行NAT,称为运营商级NAT 。这意味着ISP向您分配的IP地址不是公共但私有IP地址。这是一个具有移动数据的明确情况,即3G / 4G,但与DSL连接不太常见。
如果ISP分配给手机的IP(您可以通过 ip address | grep inet 命令检查)与这里,你是一个cgnat。同样对于Wi-Fi路由器,PPP连接设置下出现的IP地址应与公共IP匹配。

动态IP地址:
为了最大限度地利用可用的IP地址池,即使没有CGNAT,ISP也会主要分配动态IP地址。因此,根据ISP的政策,公众IP每天,每周,每月或随机或随机等待。


ipv6 是不需要NAT的即将到来的协议地球上的网络主机将能够拥有唯一的IP地址。


解决方案:
现在来你的问题:

  • 如果没有cgnat,我们可以通过设置端口转发。但是这个选项不起作用如果:

    • 在当地网络上有多个主机在侦听同一端口(22如果在SSH)上)。
    • ISP防火墙不允许您接收传入连接。
    • ISP将您锁定路由器的端口转发部分或3G / 4G路由器根本没有端口转发设置。

  • 通过注册DDNS服务可以解决动态IP问题。它为您指定了始终解析为当前公共IP的域名。 dynudns 是一个适合我的免费服务。您必须在手机或PC上安装软件,以使其更新您的公共IP。

  • 据CGNAT关注:
    • 如果您的ISP提供此服务,则可以选择购买静态公共IP,但在大多数情况下,价格并不"听到" 。
    • 注册一个服务,可让您在公共Vpn上配置端口转发。如果您不害怕您的流量嗅到,有免费(对于一个端口转发)解决方案,如 portmap.io 也是如此:)另一个专门的解决方案是 ngrok ,它使用http,tls和tcp隧道。
    • 将SSH(较慢)或VPN(更快)隧道(更快)从您的手机到个人服务器进行设置。
      • 为最佳安全性和隐私,设置自有服务器。您可以使用您的宽带连接(如果有公共IP)为此目的,或者可以要求一些朋友为您提供此服务。
      • 购买一些值得信赖的云vps解决方案,就像aws托管您的个人 SSH / VPN服务器。 setup 有点技术,但引导程序( 1 , 2 " 。

如果您使用最后一个选项(使用公共/静态/专用IP地址设置个人SSH或VPN服务器),请按照以下步骤将特定端口从SSH / VPN服务器转发到手机:

  • ssh:

    使用ssh服务器设置,可以从手机创建 abcdefghijklmnReverse Port Forwarding 隧道。请注意,如果您在同一端口上连接到服务器,则无法将远程服务器(默认SSH)端口22转发到手机端口22。

    确保<代码> GatewayPorts yes 和 AllowTcpForwarding yes 在服务器上设置为 sshd_config ,因此sshd允许端口转发并接受公共连接。现在在手机上创建一个反向隧道:

      ~$ ssh -NTR 2222:localhost:22 <server_user>@<server_ip>   

    您可以使用或一些应用程序如 ConnectBot 如果需要。

    进一步选项,请参阅此答案

  • vpn:

    使用VPN应用程序连接到VPN服务器。当在虚拟专用网络(VPN)上时,服务器和手机都成为本地网络的一部分,因此只需应用 iptables DNAT 将特定端口转发到手机的IP:

      ~# iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to <phone_ip>:22   

    服务器上也需要在VPN服务器配置期间已设置的IP转发:

      Reverse Port Forwarding0  
现在你可以<代码> Reverse Port Forwarding1 从Internet上的任何主机到手机:
  Reverse Port Forwarding2  

身份验证后您将登录到您的手机。


我在这里解释了ssh的例子。以同样的方式,您可以在手机上运行任何其他服务器,并将其端口从SSH / VPN服务器(带有公共IP)转发到手机(没有公共IP),以便您的服务器可从Internet访问。


相关:

  • 如何运行SSH / SFTP服务器,用于在Android上具有密码身份验证的多个用户登录?
  • 如何通过ssh连接两部电话?

 

If you have a working SSH server running on Android device, you can connect to it on local/private network without any issues (after proper authentication setup obviously). Same may hold true for public network (internet) if your phone has a true public IP address (I don't think that happens on earth). However, when you need to cross networks i.e. traversing gateways and routers, there is Network Address Translation involved. You won't be able to access your device from internet if your SSH server can't be exposed to a public IP address.


WHAT IS NAT AND PAT?
In simple words, NAT is the translation of source IP from private address to public - routable; what they call it - address when an IP packet is leaving the router, so that packet could be sent back with identifiable IP address. Inverse happens when response for same packet is received back at router. It would mean mapping private IP of every host (phone, PC etc.) on local network to a unique public IP. But in usual cases, we just have one public IP assigned by ISP. So Port Address Translation comes in action. PAT translates every local IP address to same public IP address but with a unique port.

WHAT IS CGNAT?
To address the problem of IP Address Shortage, Internet Service Providers also perform NAT, called Carrier Grade NAT. It means that IP address assigned by ISP to you isn't either a public but private IP address. This is a definite situation with Mobile Data i.e. on 3G/4G but less common with DSL connections.
If the IP assigned to your phone by ISP (you can check by ip address | grep inet command) is different from the one shown here, you are behind a CGNAT. Similarly for Wi-Fi router, IP address appearing under PPP Connection Settings should match with the public IP.

DYNAMIC IP ADDRESS:
In order to maximum utilize the available pool of IP addresses, ISP's mostly assign dynamic IP address even when there is no CGNAT. So the public IP keeps on changing on daily, weekly, monthly or randomly basis, depending on the ISP's policy.


IPv6 is the upcoming protocol which won't need NAT and every network host on earth would be able to have a unique IP address.


SOLUTION:
Now coming to your question:

  • If there is no CGNAT, we can tackle the problem of DSL/3G/4G router's NAT by setting up Port Forwarding. But this option doesn't work if:

    • There is more than one hosts on local network that listen on same port (22 in case of ssh).
    • ISP firewalls don't allow you to receive incoming connections.
    • ISP locks you out of your router's Port Forwarding section or a 3G/4G router doesn't have a Port Forwarding settings at all.
  • Problem of Dynamic IP can be worked around by signing up a DDNS service. It assigns you a domain name that always resolves to your current public IP. DynuDNS is a free service that works perfect for me. You will have to install their software on your phone or PC to keep them updated of your public IP.

  • As far as CGNAT is concerned:
    • You can opt to buy a static public IP if your ISP provides this service but the price isn't "hearing friendly" in most cases.
    • Sign up for a service that lets you configure Port Forwarding on public VPN. There are free (for one port forwarding) solutions like portmap.io as well if you are not afraid of your traffic being sniffed :) Another specialized solution is ngrok that uses HTTP, TLS and TCP tunnels.
    • Setup a SSH (slower) or VPN (faster) tunnel from your phone to a personal server.
      • For best security and privacy, setup a self-owned server. You may use your broadband connection (if that has a public IP) for this purpose or may ask some friend to offer you this service.
      • Buy some trustworthy cloud VPS solution like AWS to host your personal SSH/VPN server. Setup is a bit technical but guides (1, 2) are available.

If you go with last option (setup a personal SSH or VPN server with public/static/dedicated IP address), follow the steps below to forward a specific port from SSH/VPN server to your phone:

  • SSH:

    With an SSH server setup, you can create Reverse Port Forwarding tunnel from your phone. Note that you can't forward remote server's (default SSH) port 22 to your phone's port 22 if you are connecting to the server on same port.

    Make sure GatewayPorts yes and AllowTcpForwarding yes are set in sshd_config on server, so that sshd allows port forwarding and accepts connections from public. Now on your phone create a reverse tunnel:

    ~$ ssh -NTR 2222:localhost:22 <server_user>@<server_ip> 

    You can make ssh tunnel persistent using autossh or some app like ConnectBot if you want.

    For further options see this answer.

  • VPN:

    From your phone connect to the VPN server using a VPN app. When on a Virtual Private Network (VPN), both server and phone become part of a local network, so just apply iptables DNAT to forward the specific port to your phone's IP:

    ~# iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to <phone_ip>:22 

    IP Forwarding is also required on server, which has probably been already set up during VPN server configuration:

    ~# echo 1 >/proc/sys/net/ipv4/ip_forward ~# iptables -I FORWARD -d <phone_ip> -j ACCEPT ~# iptables -I FORWARD -s <phone_ip> -j ACCEPT 

Now you can ssh from any host on internet to your phone:

~$ ssh <phone_user>@<server_ip> -p 2222 

You'll be logged in to your phone after authentication.


I explained here the SSH example. In the same way you can run any other server on your phone and forward its port from SSH/VPN server (with public IP) to your phone (with no public IP) so that your server becomes accessible from internet.


RELATED:

  • How to run SSH/SFTP server for multiple user logins with password authentication on Android?
  • How to connect two phones via SSH?
 
 
         
         

相关问题

24  是否有任何命令行SSH客户端可用于rooted Android手机?  ( Are there any command line ssh clients available for rooted android phones ) 
我当然有connectbot,但我正在寻找我可以脚本的东西。 编辑:要澄清这里,我对来自终端的脚本不感兴趣。我要做的是以自动/计划方式运行SSH命令。 tasker和locale执行是Cron的等同器,我只需要的是'ssh'命令从 脚本运行 。 ...

6  在Android上的SSH和Vim / LaTex / C ++最舒适的方法是什么?  ( What is the most comfortable way to ssh and vim latex c on android ) 
如果我应该得到机器人x,我就是辩论。我想用它来工作,意思是乳胶和C ++中的代码。我使用vim。 我知道它可以使用connectbot。但是可能并不意味着我可以在咖啡店替代笔记本电脑。是否有人使用蓝牙键盘与Android设备,如此幸福( http://www.fourhourworkweek.com/blog/201...

16  是否有可能使用Android设备作为SSH的远程计算机作为X11服务器?  ( Is it possible to use an android device as x11 server for a remote machine over ) 
当我的台式电脑已启动时,我可以用我的笔记本连接到它,即使通过互联网(我设置了我的路由器将ssh转发到我的台式计算机)。我的桌面计算机运行GNU / Linux(Ubuntu Distro),所以我可以用x终端使用它。我的笔记本也经营Ubuntu。我只需要 ssh -X desktop.ip.addr ,然后我可以在桌...

7  终端仿真器的SSH尝试读取/data/.ssh而不是$ home / .ssh  ( Terminal emulators ssh trying to read data ssh instead of home ssh ) 
当我尝试使用终端仿真器的ssh时,我得到 ssh:警告:创建/data/.ssh失败:权限被拒绝。 或自2012-08-19: 无法创建目录'/ data / ssh_client'。 但是当我键入:时 echo $HOME /sdcard 为什么不ssh检查 /sdcard/.ssh 或 /sd...

6  Android键盘并重新映射Ctrl键  ( Android keyboard and remapping the ctrl key ) 
我有一个三星Galaxy 10.1运行Android版本4.1.2。我正在使用SSH来远程连接到我的主机,运行Ubuntu 12.04 LTS。一旦我连接,我就在Emacs 24.3中完成了所有工作。我还有一个蓝牙键盘。 我的问题是重新映射 caps lock 键,用作 ctrl 键。我通过更改终端选项中的设置与我的...

0  ssh到ubuntu桌面  ( Ssh to ubuntu desktop ) 
我已经使用动态DNS服务(NoIP)在Home上的Ubuntu桌面上设置了SSH服务器。我有一个Wi-Fi Android平板电脑运行Android版本4.4.2。在我的平板电脑上,我可以连接到其他SSH服务器,例如我的大学服务器。但是,我不能直接从我的平板电脑连接到我的桌面;每次尝试超时。但我能够连接到我的大学的服...

26  自动连接到Wi-Fi节点,但通过加密路由所有内容  ( Automatically connect to wi fi nodes but route everything through encryption ) 
与我关于VPNS 的问题,有没有办法让我的手机自动连接到未加密的接入点,但通过家庭网络路由所有流量? 这将是一种类似的间歇性,但是自由,数据计划的替代方案,只需同步我的电子邮件并且在看到开放接入点时会自动同步,但没有应用程序发送密码 cookie 在清除a htth://en.wikipedia.org/wiki/r...

4  无法在Android中添加主机到“known_hosts”  ( Cannot add host to known hosts in android ) 
我正在使用ssh从我的Android手机连接到我的NAS。 私钥在我的电脑上生成,然后放在手机的SD卡文件夹中。 所以我正在使用身份标志告诉SSH在哪里找到密钥文件,因此 ssh -i /storage/sdcard/key -p 1000 admin@192.168.10.10 每次尝试连接时,我都会收到...

5  通过sshdroid(或adb shell)运行tasker任务  ( Running a tasker task via sshdroid or adb shell ) 
我正在尝试通过sshdroid从adb shell手动运行任务任务。我是 在Putty中运行以下内容(Windows SSH客户端): am broadcast -a net.dinglisch.android.tasker.action_task -es task_name 沉默 我得到: 广播:意图{ac...

2  来自Android的SSHFS到NAS  ( Sshfs from android to nas ) 
我正在尝试通过 abcdefghijklmnabcdefghijklmnobcdefghijklmn0 安装到我的NAS上的文件夹上安装任何文件夹。目标将是例如 /sdcard/My Documents/My Recordings 文件夹设置,因此它几乎无限制了。我安装了通过 adb shell 连接。在 /data...




© 2022 it.wenda123.org All Rights Reserved. 问答之家 版权所有