linux – 如何在CentOS上使用基于密码的身份验证在ssh上设置SOCKS代理？

动态应用程序级端口转发(ssh -D)不支持此功能.相反,请查看 Dante： @H_301_6@[I] net-proxy/dante Available versions: 1.1.19-r4 (~)1.2.3 (~)1.3.0 (~)1.3.1 (~)1.3.1-r1 (~)1.3.2 {debug kerberos pam selinux static-libs tcpD} Installed versions: 1.3.2(04:14:03 PM 11/08/2011)(pam static-libs tcpd -debug -kerberos -selinuX) Homepage: http://www.inet.no/dante/ Description: A free socks4,5 and msproxy implementation

但请注意,密码以明文形式传输.

要配置基于用户名的身份验证,请打开/etc/sockd.conf文件并添加/更改以下内容：

@H_301_6@logoutput: syslog /var/log/dante.log # methods for socks-rules. method: username #rfc931 # when doing something that can require privilege,# it will use the userid "sockd". user.privileged: root # when running as usual,# it will use the unprivileged userid of "sockd". user.notprivileged: sockd pass { from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp command: bind connect udpassociate log: error method: username }

启动后检查监听套接字：

@H_301_6@# netstat -nlp | grep sockd tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 5463/sockd tcp 0 0 192.168.15.36:1080 0.0.0.0:* LISTEN 5463/sockd

如果出错,请查看日志文件(/ var / log / messages或/var/log/dante.log).

PS：系统密码文件(/ etc / passwd)用于验证用户名和密码组合.