Secure remote file transfer with SFTP on OpenWRT

Blog homepage: The little sheep has insomnia.

Article directory

  • Foreword
  • 1. openssh-sftp-server installation
  • 2. Install cpolar tool
  • 3. Configure SFTP remote access
  • 4. Fixed remote connection address

Foreword

In this tutorial, we install the SFTP service on OpenWRT and combine it with cpolar intranet penetration (NAT traversal): a cpolar tunnel maps port 22, so that the OpenWRT SFTP service can be reached from the public network and files such as backups and configuration files can be transferred securely.

  • SFTP is a secure file transfer protocol based on the SSH protocol and provides secure file transfer services with encryption, authentication, and data integrity protection.
  • cpolar is a secure and powerful intranet penetration tool that can expose local servers behind NAT or firewalls to the public Internet through secure tunnels. After using it for a while, you will find that it can even implement small cloud services directly at home.

1. openssh-sftp-server installation

Update the package lists:

opkg update

Then install the packages. openssh-sftp-server provides the SFTP subsystem that runs over the SSH service on port 22; vsftpd is a separate FTP daemon.

opkg install vsftpd openssh-sftp-server

Next, enable vsftpd at boot:

/etc/init.d/vsftpd enable

Start it:

/etc/init.d/vsftpd start

Now open a connection tool. We use FileZilla as an example: fill in the router's LAN IP address, the user name and password, and port number 22, then click Connect. The connection should succeed.

2. Install cpolar tool

Connect to OpenWRT over SSH and download cpolar's package-signing public key:

wget -O cpolar-public.key http://openwrt.cpolar.com/releases/public.key

Add the public key after the download is complete

opkg-key add cpolar-public.key

Add cpolar’s opkg repository source:

echo "src/gz cpolar_packages http://openwrt.cpolar.com/releases/packages/$(. /etc/openwrt_release ; echo $DISTRIB_ARCH)" >> /etc/opkg/customfeeds.conf

Update the package lists again:

opkg update

Start installing cpolar and execute the following three installation commands to install the three packages:

opkg install cpolar
opkg install luci-app-cpolar
opkg install luci-i18n-cpolar-zh-cn

After the installation is complete, open the OpenWRT web management interface. There is now a Services entry, and under it our cpolar intranet penetration entry.

After clicking it, you can see the cpolar interface.

Log in to the cpolar official website. If you have not registered an account, you can register an account first, and then click Verify on the left to view your authentication token.

cpolar official website: https://www.cpolar.com

Then copy the token shown on the official website into the Auth Token field of the cpolar service interface in OpenWRT, and click Save.

After saving, click Open Web-UI in the interface to open the cpolar web UI.

Log in with the account registered on the official website. After logging in you can manage tunnels, and the installation is complete.

3. Configure SFTP remote access

Open the cpolar management interface in the browser and click Tunnel Management – Create Tunnel on the left dashboard. SFTP uses port 22 by default, so we create a tcp tunnel pointing to port 22:

  • Tunnel name: Customizable, be careful not to repeat it
  • Protocol: tcp
  • Local address: 22 (default port)
  • Domain name type: Choose a random domain name
  • Region: Select China VIP

Click Create.

After the tunnel is created, click the online tunnel list on the left to view the public network address that was generated.

Open the connection tool again (FileZilla in this example). Fill in the public address shown above with sftp:// in front of it, enter the user name and password, and enter the port number that belongs to that public address. Click Connect, and the connection succeeds.
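Once the tunnel is up, the router's SSH/SFTP login on port 22 is reachable from the public network with a user name and password, so it is worth checking first that login is key-only. The audit script below is an added example, not part of the original article or of cpolar; it assumes the router runs OpenWrt's default dropbear SSH daemon, with its config in /etc/config/dropbear and public keys in /etc/dropbear/authorized_keys.

```shell
#!/bin/sh
# Added example: audit dropbear before TCP port 22 is published via a tunnel.
# Assumption: SSH/SFTP is served by OpenWrt's default dropbear daemon, with
# config in /etc/config/dropbear and keys in /etc/dropbear/authorized_keys.

# Print "on" if OPTION is enabled in any "config dropbear" section.
# An option that is absent from a section counts as "on" (OpenWrt's default).
dropbear_bool() {  # usage: dropbear_bool CONFIG_FILE OPTION
    awk -v opt="$2" '
        function close_section() {
            if (seen && val !~ /^(0|off|no|false|disabled)$/) on = 1
        }
        { gsub(/["\047]/, "") }              # strip UCI quoting
        $1 == "config" { close_section(); seen = ($2 == "dropbear"); val = "" }
        $1 == "option" && $2 == opt { val = tolower($3) }
        END { close_section(); print (on ? "on" : "off") }' "$1"
}

# Print one finding per line; return 0 only when login is key-only.
audit_dropbear() {  # usage: audit_dropbear CONFIG_FILE AUTHORIZED_KEYS_FILE
    rc=0
    for opt in PasswordAuth RootPasswordAuth; do
        if [ "$(dropbear_bool "$1" "$opt")" = "on" ]; then
            echo "FAIL: $opt is on; fix: uci set dropbear.@dropbear[0].$opt='off'"
            rc=1
        fi
    done
    # Require at least one non-comment key line, so that turning passwords
    # off cannot lock the administrator out of the router.
    if ! grep -Eqs '^[^#[:space:]]' "$2"; then
        echo "FAIL: no public key in $2; add one before disabling passwords"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only SSH/SFTP login"
    return "$rc"
}
```

On the router, run audit_dropbear /etc/config/dropbear /etc/dropbear/authorized_keys. After applying a suggested uci setting, run uci commit dropbear and /etc/init.d/dropbear restart, then audit again.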

4. Fixed remote connection address

The TCP data tunnel established above through cpolar is still a random, temporary tunnel, and its port number will change every 24 hours. To keep the data tunnel between devices stable for a long time, further settings are needed. Because a fixed TCP tunnel occupies cpolar server resources for a long time, this service is included in the VIP project (Professional Edition package). Now let us set up a TCP data tunnel that stays stable for a long time.

To establish a stable TCP data tunnel, we must first log in to the cpolar official website and enter the “Reservation” interface of the dashboard

In the reservation interface, find the “Reserved TCP Address” item. Under this item, fill in the necessary information, such as a tunnel name to identify the data tunnel and the region in which the tunnel is used.

After filling in this information, click the “Keep” button on the right to fix the tunnel in the backend of the cpolar official website. cpolar then generates a TCP address and port for the tunnel.

Then we return to the browser cpolar interface, open the “Tunnel List”, find the random temporary TCP tunnel created previously, and enter the “Edit” page.

Paste the tunnel port we obtained from the cpolar official website into the “Reserved TCP Address” column, and then click the “Update” button below.

Then check the online tunnel list again. The public address of the SFTP tunnel is now the fixed address reserved on the official website.

Open the connection tool again (FileZilla in this example). Fill in the fixed address from above with sftp:// in front of it, enter the user name and password, and enter the port number that belongs to that fixed address. Click Connect, and the connection succeeds.

Reprinted from cpolar pole cloud article: OpenWRT SFTP remote file transfer