Hetzner multi-server private network: connecting servers via private IPs

Original link: https://www.microcharon.top/tech/331.html

Hetzner ARM servers

Connecting to other servers via SSH over the private network between Hetzner servers requires at least two servers.

Idea: user (local device) ⇾ server A (public network + private network) ⇾ server B (private network)

A total of three ARM servers are prepared this time: servers A (10.0.0.2) and B (10.0.0.3) have public IPv4/6 addresses, and server C (10.0.0.4) has no public address.

Experiment 1

Preconditions

The local network has a public IP address, server A and server B each have a public address, and servers A and B are on the same private network.

    +--------------------------+           +--------------------------+
    |   Local device (user)    |           |         Server A         |
    |                          |           |                          |
    |  Public network ⇨--------|-----------|--------⇨ Public network  |
    |                          |           |          Private network |
    +--------------------------+           +--------------------------+
                                                        ⇧
                                                        |
                                                |Private network|
                                                        ⇩
                                           +--------------------------+
                                           |         Server B         |
                                           |                          |
                                           |          Private network |
                                           |          Public network  |
                                           +--------------------------+

Create a network in the Hetzner console; the IP range defaults to 10.0.0.0, i.e. 10.0.0.0/16.

Creating the private network

Run the experiment

Create a key on server A

Example server SSH key (created with Termius)

    # Create an ed25519 key. The type can of course be changed to rsa, dsa, ecdsa, etc., which is not covered here
    ssh-keygen -t ed25519
    # This produces the console output below, asking where to save the key; the default is left unchanged here
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/root/.ssh/id_ed25519):
    # Next comes the following output, asking for a passphrase; this can be skipped here
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    # Then the following output shows that the key has been set up successfully
    Your identification has been saved in /root/.ssh/id_ed25519
    Your public key has been saved in /root/.ssh/id_ed25519.pub
    The key fingerprint is:
    SHA256:a1UFStpVej2W1SbgGjCR+LPVBgQty5gey27PsHCvC2A root@ubuntu-8gb-fsn1-1
    The key's randomart image is:
    +--[ED25519 256]--+
    | .=*o ++oo|
    | . o*o+ o..=|
    | =.o+o+ .*.|
    | + = .+o.. .|
    | E o oS+o. |
    | . . + .o |
    | oo o |
    | +o* |
    | .+++ |
    +----[SHA256]-----+
    # View the key
    cat ~/.ssh/id_ed25519.pub
    # Output: server A's public key
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNt0ex360C/WsE9uhL0CTx/+3s2e3VwDhxOoWs6/sv3 root@ubuntu-8gb-fsn1-1

SSH key created on server A

Add the public key of server A to server B

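    # On server B, use sed to append a new line containing server A's public key, adding it to the authorized keys list
    # (sed only appends if authorized_keys already contains at least one line)
    sed -i '$ a ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNt0ex360C/WsE9uhL0CTx/+3s2e3VwDhxOoWs6/sv3 root@ubuntu-8gb-fsn1-1' ~/.ssh/authorized_keys
    # Or insert the public key into authorized_keys manually with vim, nano, etc.
    vim ~/.ssh/authorized_keys
    # Check that it was added successfully
    cat ~/.ssh/authorized_keys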

Server A connects to server B through intranet SSH

    # Connect to 10.0.0.3 over the private network
    ssh root@10.0.0.3
    # Asked whether to add the fingerprint; here we accept with yes
    The authenticity of host '10.0.0.3 (10.0.0.3)' can't be established.
    ED25519 key fingerprint is SHA256:4KTAXUbBIGxV6XfYja9LdG3GB4YVI9XSULd+/QHRRBY.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '10.0.0.3' (ED25519) to the list of known hosts.
    # On server B, check who is logged in
    who | grep 'root'
    # Output: server A (10.0.0.2) is logged in to server B
    root pts/0 2023-07-04 00:52 (20.24.195.10)
    root pts/1 2023-07-04 01:23 (10.0.0.2)
    # netstat
    netstat -an | grep 10.0.0.2
    # Output
    tcp 0 0 10.0.0.3:22 10.0.0.2:35968 ESTABLISHED

Server A has successfully connected to server B over the private network
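For the step above that adds server A's public key to server B, the following is an added example (not code from the original article): a hypothetical helper, add_restricted_key, that appends the key only once and prefixes it with the authorized_keys from="10.0.0.2" option, so server B accepts that key only for connections arriving from server A's private address. It assumes a literal IPv4 source address and runs its demo on a scratch file rather than the real ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example, not from the original article. add_restricted_key is a
# hypothetical helper: it appends a public key to an authorized_keys file
# with a from="IP" restriction, and does nothing if the key is already there.
# Usage: add_restricted_key AUTH_FILE SOURCE_IPV4 'type base64 [comment]'
add_restricted_key() {
    auth_file=$1 src_ip=$2 pubkey=$3
    nl='
'
    # Reject anything that could break out of the from="..." option or the line.
    case $src_ip in
        ''|*[!0-9.]*) echo "bad source address" >&2; return 2 ;;
    esac
    case $pubkey in
        *"$nl"*) echo "key must be a single line" >&2; return 2 ;;
    esac
    key_type=${pubkey%% *}
    rest=${pubkey#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*) ;;
        *) echo "unsupported key type" >&2; return 2 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 2 ;;
    esac
    # Keep permissions tight: sshd's StrictModes rejects group/world-writable files.
    dir=$(dirname "$auth_file")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: an entry with the same key data (restricted or not) is kept as is.
    if grep -qF -- "$key_blob" "$auth_file"; then return 0; fi

    # Unlike sed '$ a ...', this also works on an empty file, and it adds a
    # missing final newline first so the new entry starts on its own line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf 'from="%s" %s\n' "$src_ip" "$pubkey" >> "$auth_file"
}

# Demo on a scratch file with server A's private IP and public key from the article.
demo_dir=$(mktemp -d)
KEY_A='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNt0ex360C/WsE9uhL0CTx/+3s2e3VwDhxOoWs6/sv3 root@ubuntu-8gb-fsn1-1'
add_restricted_key "$demo_dir/authorized_keys" 10.0.0.2 "$KEY_A"
add_restricted_key "$demo_dir/authorized_keys" 10.0.0.2 "$KEY_A"   # no-op
cat "$demo_dir/authorized_keys"
```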

Experiment 2

Preconditions

The local network has a public IP address, server A has a public IP address, server C has no public IP address, and servers A and C are on the same private network.

    +--------------------------+           +--------------------------+
    |   Local device (user)    |           |         Server A         |
    |                          |           |                          |
    |  Public network ⇨--------|-----------|--------⇨ Public network  |
    |                          |           |          Private network |
    +--------------------------+           +--------------------------+
                                                        ⇧
                                                        |
                                                |Private network|
                                                        ⇩
                                           +--------------------------+
                                           |         Server C         |
                                           |                          |
                                           |          Private network |
                                           |                          |
                                           +--------------------------+

Add server A's public key from Experiment 1 to the Hetzner Console

Add the public key to server C when creating the new server C

Run the experiment

Server A connects to server C over the private network via SSH

Server A has successfully connected to server C over the private network

Experiment 3

There may be an Experiment 3 with further experiments.

