Sunday, 3 February 2013

A Setup for Running a Commercial SSH Proxy Service

mkdir -p /opt/gfw
Download the files used in this post into /opt/gfw. I have uploaded them here:
https://www.box.com/s/pvy98dehewrd8oke6r1a
Extract the downloaded archive:
tar zxvf sshserver.tar.gz
 
File descriptions:
limit.pl: Limits each account to one SSH login at a time; a later login forces the earlier session to log out. This effectively prevents one account from being shared among several people, which would be unfair.
createUser.sh: Creates a user for the first time, for example when a new customer purchases an account. If the user already exists, it prints a warning and exits. Usage is detailed below.
updateUser.sh: Updates a user's expiry date; used when a user renews the account.
tcBandwidth.sh: Uses Linux TC to limit the download/upload speed of each connection (thread) of a single user, so that individual users cannot occupy too much bandwidth. The default limit is 200Kb = 25KB per connection (thread); changing it requires editing the configuration by hand.
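The single-session rule described for limit.pl can be sketched as follows. This is an added example, not the contents of limit.pl from the archive; it assumes procps-ng `ps` (for the `etimes` column) and that each session appears as an `sshd: user` process owned by the logged-in user. The function names, the user alice and the sample process list are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added sketch of a single-session rule; NOT the contents of limit.pl.
# Input format (one process per line): PID ELAPSED_SECONDS OWNER ARGS...
# as printed by: ps -eo pid=,etimes=,user=,args=   (etimes needs procps-ng)

# Print the PIDs of all but the newest sshd session process of each user.
stale_sessions() {
    awk '
        # Session processes are owned by the logged-in user and titled
        # "sshd: user", "sshd: user@pts/N" or "sshd: user@notty". Skipped:
        # the root-owned listener and "[priv]" monitors, and the pre-auth
        # "sshd: [net]" child, whose title does not start with its owner.
        $3 != "root" && $4 == "sshd:" && index($5, $3) == 1 {
            pid = $1; age = $2 + 0; user = $3
            if (!(user in newest_age) || age < newest_age[user]) {
                # Younger than anything seen so far: the previous newest
                # session of this user (if any) becomes stale.
                if (user in newest_pid) print newest_pid[user]
                newest_age[user] = age; newest_pid[user] = pid
            } else {
                print pid
            }
        }
    ' | sort -n
}

# Hypothetical enforcement step (defined only, never called here): hang up
# the older sessions so that the most recent login is the one that survives.
enforce_single_session() {
    ps -eo pid=,etimes=,user=,args= | stale_sessions |
        while read -r pid; do kill -HUP "$pid"; done
}

# Constructed sample: xiaofang has three sessions, alice (made-up user) one.
SAMPLE_PS='  812 90211 root     /usr/sbin/sshd -D
 4101  3600 root     sshd: xiaofang [priv]
 4105  3598 xiaofang sshd: xiaofang
 4630   120 root     sshd: xiaofang [priv]
 4634   118 xiaofang sshd: xiaofang@notty
 4700    40 root     sshd: alice [priv]
 4702    39 alice    sshd: alice@pts/1
 4711     2 sshd     sshd: [net]
 4990     5 xiaofang sshd: xiaofang'

printf '%s\n' "$SAMPLE_PS" | stale_sessions    # prints 4105 and 4634
```

Running `stale_sessions` on live `ps` output first, without the kill step, shows which sessions such a rule would drop before anything is enforced.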
5. Configuration
5.1 Edit the startup file (Linux rc, run automatically at boot)
vim /etc/rc.d/rc.local
(Ubuntu: /etc/rc.local)
Add the following lines:
/opt/gfw/limit.pl &
/opt/gfw/tcBandwidth.sh start
5.2 Change the per-user bandwidth limit (assuming the current working directory is /opt/gfw/)
vim tcBandwidth.sh
* Change IP to the public IP of your Linode server. This one must be changed.
* DNLD is the download limit and UPLD is the upload limit. The default is 200Kb = 25KB per connection (thread). Within the SSH proxy, as we are using the port forwarding mechanism, I guess the directions are exactly reversed: to limit download speed you should change UPLD, and vice versa (Sorry, I don't know TC well).
5.3 Start the service for the first time
yum groupinstall "Development Tools" "Development Libraries"
(Ubuntu: apt-get install perl)
chmod +x /opt/gfw/*
/opt/gfw/limit.pl &
/opt/gfw/tcBandwidth.sh start
6. Create a user (parameters)
./createUser.sh username password expired_date
The expiry time is given in months; if it is omitted, the default is 3 months.
For instance, to create a user named xiaofang with password 11111 whose account expires in 4 months:
./createUser.sh xiaofang 11111 4
7. Renew an account (update the expiry date)
./updateUser.sh username new_expired_date
The parameters have the same meaning as for creating a user.