Recently in Soft Category

eMule KAD network


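My home router, a Linksys WRT54GS v1.1, has port forwarding set up for eMule. Out of laziness I usually use the same port for TCP and UDP, and it normally connects to the eD2K server and the KAD network without any trouble; last night it downloaded more than 3 GB overnight.

This morning at the office, using TD, I found that only eD2K worked and KAD did not. Going through a remote SOCKS5 proxy to my home router did not work either, which was annoying.

Back home in the evening I kept testing and it still did not work. Infuriating!

A Google search turned up no standard answer. One main cause mentioned is a corrupted nodes.dat, which can be restored by reinstalling or re-downloading it; I did both and it still did not work.

Out of boredom I changed the port forwarding logic so that TCP and UDP use different ports, and it connected right away. Strange.

I suspect it may be a problem with the router?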

eD2K 网络
状态: 已连接
IP:端口: 222.248.234.34:6666
ID: 585824478
 HighID

eD2K 服务器
名字: free.usenet.nl 2
描述: free.usenet.nl
IP:端口: 80.237.156.72:4661
版本: 17.15
用户数: 316,571
文件: 4,895,187
连接: Obfuscated

Kad 网络
状态: 打开
IP:端口: 222.248.234.34:6676
ID: 3740854818
Buddy: 没有
L2LUrl: peer://|0|0|0|06B551C5590EA90F4C4EDFD157B76FE2|222.248.234.34|6676|

 

Some notes on eMule


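Related introduction:

http://emule-fans.com/category/news/emule/verycd/

How eMule VeryCD Mod and EasyMule are related: both are made by VeryCD, but the VeryCD website currently offers only EasyMule for direct download, and its interface has been changed beyond recognition, which is unbearable.

But eMule VeryCD Mod may still be under idle development? cnBeta publishes some news about it from time to time, which can be found simply by searching for Emule in Google Reader.

The advantage of eMule VeryCD Mod is that it supports LowID To LowID; after all, most users in China are on LowID, and with it the speed still feels quite a bit lower. Its style also differs little from the original, which is tolerable.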

https://www.google.com/reader/view/#search/emule/1

 

SSH Port Forward


http://hi.baidu.com/davyup/blog/item/229e99cb25e8b51abf09e66d.html

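1. Forward tunnel: the tunnel listens on a local port and provides a secure connection for ordinary activity

   ssh -qTfnN -L port:host:hostport -l user remote_ip

2. Reverse tunnel: the tunnel listens on a remote port and provides a service through the firewall

   ssh -qTfnN -R port:host:hostport -l user remote_ip

3. SOCKS proxy

   ssh -qTfnN -D port remotehost

(With certificate authentication the host name alone is enough; without it the user name and password are also needed.)

-q Quiet mode. Suppresses most warning and diagnostic messages.
-T Disable pseudo-tty allocation, so no shell is tied up.
-f Requests ssh to go to background just before command execution. Adding -n as well is recommended.
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). Recommended with -f; it should also work without this option.
-N Do not execute a remote command. Made for port forwarding.

Although a reverse tunnel works well for getting through an internal network's firewall, and cron plus ssh-agent allows unattended outbound connections, there is currently a fairly serious problem: the tunnel is unstable. An ssh reverse tunnel basically lasts only about 10 minutes before it closes for no apparent reason. Is it a dropped connection caused by a poor network, or a shortcoming of reverse tunnels themselves? I tried to find an ssh community online to ask the experts, but found that no such community exists.... Some might say the reverse connection can simply be re-sent every ten minutes, but when I tried it I found that even re-sending the reverse tunnel every 10 minutes does not solve the problem: although the reverse tunnel is broken, its process is still there, so even a new request cannot bring the reverse tunnel back up...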

 

http://sdfclub.cn/viewtopic.php?t=118&sid=cb71241647edd5cdc82b454bbdb9aa5c

There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively. Local port forwarding forwards traffic coming to a local port to a specified remote port.

For example, if you issue the command


ssh2 -L 1234:localhost:23 username@host

all traffic coming to port 1234 on the client will be forwarded to port 23 on the server (host). Note that localhost will be resolved by the sshdserver after the connection is established. In this case localhost therefore refers to the server (host) itself.


Remote port forwarding does the opposite: it forwards traffic coming to a remote port to a specified local port.

For example, if you issue the command


ssh2 -R 1234:localhost:23 username@host

all traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (localhost).

It is important to realize that if you have three hosts, client, sshdserver, and appserver, and you forward the traffic coming to the client's port x to the appserver's port y, only the connection between the client and sshdserver will be secured. See Figure Forwarding to a third host. The command you use would be something like the following:
ssh2 -L x:appserver:y username@sshdserver

 

http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line#Remote_Port_Forwarding

Remote Port Forwarding
This is useful to tunnel things like RDP (Remote Desktop) through an encrypted SSH tunnel over the internet. For example, you want to be able to access your work computer from home.

If you had:

HomePC <-> Router <-> Internet <-> Firewall <-> WorkPC

WorkPC, which is running RDP on port 3389, issues ssh -R 5555:localhost:3389 root@router.home

HomePC can use his RDP client to connect to port 5555 on the router and this would create an SSH tunnel which will connect HomePC to port 3389 on the WorkPC

 

Notes:

On WorkPC, run ssh -R 5555:localhost:3389 root@router.home

This way localhost resolves to WorkPC.

HomePC's connections to port 5555 on router.home are forwarded to port 3389 on WorkPC.

SSH And Port Forwarding


SSH

Reposted from http://zhigang.org/wiki/SSH


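This chapter records some problems I ran into while using SSH, and their solutions.


Building secure tunnels with ssh (ssh tunnelling, also called port mapping or Port Forwarding)
ssh's port mapping feature makes it easy to reach resources that cannot be accessed directly. It comes in two kinds: local mapping (Local Forward) and remote mapping (Remote Forward).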


Local mapping (Local Forward)

$ ssh -f -g -A -X -N -T -L 1234:remote-host2:5678 user@remote-host

Or by editing ssh's configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     LocalForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All connections to local port 1234 are forwarded through remote-host to port 5678 on remote-host2. Some DMZs open only sshd's port 22; with local mapping you can reach all services on the remote computer.


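Remote mapping (Remote Forward)

$ ssh -f -g -A -X -N -T -R 1234:remote-host2:5678 user@remote-host

Or by editing ssh's configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     RemoteForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All connections to port 1234 on remote-host are forwarded through this machine to port 5678 on remote-host2. With remote mapping you can use your home machine (which has a public IP and accepts ssh logins) to reach computers inside the company firewall.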


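Public-key authentication
The problems most often met with public-key authentication are file permission problems. Some of them can be found by looking at /var/log/secure.

To set up public-key authentication between two computers, run the following script on each of the two machines, host1 and host2:

$ ssh-keygen -t rsa -b 1024 # do not enter a passphrase
$ ssh "$host1" 'cat ~/.ssh/id_rsa.pub' >> ~/.ssh/authorized_keys
$ ssh "$host2" 'cat ~/.ssh/id_rsa.pub' >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys # important!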
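
With its default StrictModes setting, sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others, and the ssh client refuses a private key that others can read. An added check for those permission problems (not part of the original wiki page; mode_of, writable_by_others and check_ssh_perms are names made up here):

```shell
#!/bin/sh
# Added example: report the permission problems that break public-key login.
# All function names are hypothetical.

# mode_of PATH -> the 10-character mode string from ls, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# writable_by_others PATH -> success if group or other has write permission
writable_by_others() {
    case $(mode_of "$1") in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# check_ssh_perms HOME_DIR -> prints one line per problem; the exit status
# is the number of problems found (0 means the layout passes).
check_ssh_perms() {
    home=$1 problems=0
    # sshd (StrictModes) checks these three paths before trusting the keys.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; problems=$((problems + 1)); continue; }
        if writable_by_others "$p"; then
            echo "group/world writable: $p ($(mode_of "$p"))"
            problems=$((problems + 1))
        fi
    done
    # The client rejects private keys with any group/other permission bit.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        case $(mode_of "$k") in
            ????------) ;;
            *) echo "private key too open: $k ($(mode_of "$k"))"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Usage: check_ssh_perms "$HOME"
```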
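
Configuring ssh to use a proxy server to get through a corporate firewall
Download connect.c from http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html, compile it, and copy it to the system's /usr/bin directory:

$ gcc connect.c -o connect
$ sudo cp connect /usr/bin

Edit ssh's configuration file ~/.ssh/config and add:

$ cat ~/.ssh/config
Host remote-host
     ProxyCommand connect -H your.proxy.com:port %h %p
$ ssh user@remote-host

Speeding up SSH connections
At login SSH performs a reverse DNS lookup; if your DNS server is slow, there is a wait. Once the cause is known the fix follows: speed up name resolution. Adding the host name to /etc/hosts solves it.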


Automating ssh interaction with expect
Below is remote-exec, a script that uses expect to run commands on a remote host automatically:

#!/bin/sh
# \
exec expect -- "$0" ${1+"$@"}
# remote-exec - execute command on remote host
# Version 0.1
# Zhigang Wang <zhigang.x.wang@oracle.com>
exp_version -exit 5.0

if {$argc!=2} {
    send_user "usage: remote-exec command password\n"
    send_user "Eg. remote-exec \"ssh user@host ls\\; echo done\" password\n"
    send_user "or: remote-exec \"scp /local-file user@host:/remote-file\" password\n"
    send_user "or: remote-exec \"scp user@host:/remote-file local-file\" password\n"
    send_user "or: remote-exec \"rsync --rsh=ssh /local-file user@host:/remote-file\" password\n"
    send_user "Caution: command should be quoted.\n"
    exit
}

set cmd [lindex $argv 0]
# The password arrives as a command-line argument, so it is visible in the process list
set password [lindex $argv 1]

eval spawn $cmd

set timeout 120

while {1} {
    expect -re "Are you sure you want to continue connecting (yes/no)?" {
            # First connect, no public key in ~/.ssh/known_hosts;
            # answering yes accepts the host key without verifying it
            send "yes\r"
        } -re "assword:" {
            # Already has public key in ~/.ssh/known_hosts
            send "$password\r"
        } -re "Permission denied, please try again." {
            # Password not correct
            exit
        } -re "kB/s|MB/s" {
            # User equivalence already established, no password is necessary
            set timeout -1
        } -re "file list ..." {
            # rsync started
            set timeout -1
        } -re "bind: Address already in use" {
            # For local or remote port forwarding
            set timeout -1
        } -re "Is a directory|No such file or directory" {
            exit
        } -re "Connection refused" {
            exit
        } timeout {
            exit
        } eof {
            exit
        }
}
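
Keeping SSH connections alive (KeepAlive)
The following methods can be used:

Add the following to ~/.ssh/config or /etc/ssh/ssh_config:

Host *
  # in seconds
  ServerAliveInterval 60

Run the following script:

while date; do sleep 10; done

When you want to type a command, just press ctrl-c.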
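
The reverse tunnel that dies after about ten minutes yet leaves its process behind (described in the SSH Port Forward post) and the ServerAliveInterval setting above, combined in one added example that is not from either original page. It assumes the drops are idle-connection timeouts on a NAT device or firewall in the path; tunnel_opts, keep_reverse_tunnel, SSH_BIN, MAX_TRIES and RETRY_DELAY are names made up here.

```shell
#!/bin/sh
# Added example (not from the original posts). Hypothetical names:
# tunnel_opts, keep_reverse_tunnel, SSH_BIN, MAX_TRIES, RETRY_DELAY.

# tunnel_opts prints the client options that make a dead tunnel exit.
tunnel_opts() {
    # ServerAliveInterval/ServerAliveCountMax: probe the server every 60 s
    #   inside the encrypted channel and exit after 3 unanswered probes, so
    #   a silently dropped connection no longer leaves a stale ssh process.
    # ExitOnForwardFailure: exit when the remote port cannot be bound (for
    #   example while the server still holds the old listener) instead of
    #   staying logged in with no forward.
    # BatchMode: never prompt, so an unattended run fails fast.
    printf '%s\n' \
        -o ServerAliveInterval=60 \
        -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes \
        -o BatchMode=yes
}

# keep_reverse_tunnel SPEC USER@HOST
# Runs ssh in the foreground (no -f) so every exit is seen and retried.
# MAX_TRIES=0 (the default) retries forever.
keep_reverse_tunnel() {
    spec=$1 dest=$2 tries=0
    while :; do
        tries=$((tries + 1))
        # The unquoted substitution is deliberate: one word per option.
        "${SSH_BIN:-ssh}" -N -T $(tunnel_opts) -R "$spec" "$dest" && return 0
        if [ "${MAX_TRIES:-0}" -gt 0 ] && [ "$tries" -ge "${MAX_TRIES:-0}" ]; then
            return 1
        fi
        sleep "${RETRY_DELAY:-15}"
    done
}

# Usage, with the hosts from the DD-WRT example on this page:
#   keep_reverse_tunnel 5555:localhost:3389 root@router.home
```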



 

ssh local port forwarding


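1. The company only allows access on ports 23, 443 and 80

2. The FastDomain host only offers ssh access on port 22

 

1. Set up port forwarding on the router: 443 -> 192.168.1.1:1080

2. On the router, run: ssh -N -g -L 1080:guduo.net:22 xxx@guduo.net

   This forwards all requests to the router's port 1080 to port 22 on guduo.net.

   An ssh connection to the router's port 1080 is really a connection to port 22 on guduo.net, as this sample PuTTY session log shows: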

login as: xxx
xxx@192.168.1.1's password:
Last login: Fri Dec 25 08:07:06 2009 from fast22.fastdomain.com

[xxx@fast22 /home/xxx]
$

3. Locally, use plink to connect to the router and on to FastDomain to set up proxy access:

d:\green_soft\putty\plink.exe -N xxx@路由器WAN -P 443 -pw "xxx_pw" -D 127.0.0.1:1080

 

If I bought a Dedicated IP from FastDomain, could I use

ssh -N -g -L 8000:localhost:22 xxx@localhost to directly open an ssh service on port 8000?

 

Test on the router:


~ # ssh -N -g -L 1080:192.168.1.1:80 root@192.168.1.1
root@192.168.1.1's password:

This also points 1080 directly at httpd's service on port 80.

 

ssh -N -g -L 1080:guduo.net:22 xxx@guduo.net
All connections to local port 1080 are forwarded through guduo.net to port 22 on guduo.net.
ssh -N -g -L 1080:guduo.net:22 root@127.0.0.1
All connections to local port 1080 are forwarded through 127.0.0.1 to port 22 on guduo.net.
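
With -g, the forwarded port accepts connections from any host that can reach the machine running ssh, not only from that machine itself. As an added check (not part of the original post; SSH_OPTS, bind_of and audit_forward are names made up here, and the option string is assumed to match the OpenSSH client), this classifies an ssh command line by whether its -L or -D listener is exposed beyond loopback:

```shell
#!/bin/sh
# Added example (not from the original posts). audit_forward and bind_of are
# hypothetical names; SSH_OPTS is assumed to match the OpenSSH client's options.
SSH_OPTS='1246ab:c:e:fgi:kl:m:no:p:qstvxAB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy'

# bind_of SPEC N -> explicit bind address when SPEC has N colon-separated
# fields, "any" for an empty or "*" address, else "default".
# Bracketed IPv6 literals are not handled.
bind_of() {
    fields=$(printf '%s\n' "$1" | awk -F: '{ print NF }')
    [ "$fields" -eq "$2" ] || { echo default; return; }
    case ${1%%:*} in
        ''|'*') echo any ;;
        *) echo "${1%%:*}" ;;
    esac
}

# audit_forward CMDLINE -> "exposed", "loopback" or "none" (no -L/-D listener).
# Only options placed before the destination are examined.
audit_forward() {
    set -f; set -- $1; set +f    # split into words without globbing
    shift                        # drop the program name
    gateway=no binds='' OPTIND=1
    while getopts "$SSH_OPTS" opt 2>/dev/null; do
        case $opt in
            g) gateway=yes ;;
            o) case $OPTARG in GatewayPorts=yes) gateway=yes ;; esac ;;
            L) binds="$binds $(bind_of "$OPTARG" 4)" ;;
            D) binds="$binds $(bind_of "$OPTARG" 2)" ;;
        esac
    done
    [ -n "$binds" ] || { echo none; return; }
    for b in $binds; do
        case $b in
            # No explicit address: loopback unless -g / GatewayPorts is set.
            default) [ "$gateway" = yes ] && { echo exposed; return; } ;;
            localhost|127.*) ;;
            *) echo exposed; return ;;
        esac
    done
    echo loopback
}
```

Remote (-R) listeners are reported as "none" because their exposure is decided by the GatewayPorts setting of the sshd that opens them, not by the client command line.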

 

Reposted from http://zhigang.org/wiki/SSH

Local mapping (Local Forward)
$ ssh -f -g -A -X -N -T -L 1234:remote-host2:5678 user@remote-host

Or by editing ssh's configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     LocalForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All connections to local port 1234 are forwarded through remote-host to port 5678 on remote-host2. Some DMZs open only sshd's port 22; with local mapping you can reach all services on the remote computer.

 

ssh server dropbear: test failed


dropbear -w -F -E -p 8000 -P /home/xxx/sshd/dropbear_sshd.pid  -d /home/xxx/sshd/dropbear_dss_host_key -r /home/xxx/sshd/dropbear_rsa_host_key

 

dropbearkey -t rsa -f dropbear_rsa_host_key -s 1024
dropbearkey -t dss -f dropbear_dss_host_key -s 1024


ssh xxx@127.0.0.1 -p 8000
chsh --list-shells
chsh -s /bin/sh yimutian

 

$ chsh -s /bin/sh xxx
Changing shell for xx.
Password:


[25376] Dec 19 05:56:32 Child connection from ::ffff:127.0.0.1:58456
[25376] Dec 19 05:56:38 user 'xxx' has invalid shell, rejected

 

From FastDomain Support:

1.Can't Change Login Shell

2.Can't Change sshd port

3.What Can I Do ?

Build and install:

socks proxy:

ss5

antinat-0.90 depends on expat-2.0.1

ssh server:

dropbear-0.52

lsh-2.0 depends on liboop-1.0

 

Note the build options to use:

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib" --prefix=xxx

Comparison of SSH servers


Reposted from http://en.wikipedia.org/wiki/Comparison_of_SSH_servers

From Wikipedia, the free encyclopedia

An SSH server is a software program which uses the secure shell protocol to accept connections from remote computers. This article compares a selection of popular servers.

General

Name | Developer | Status | Date of first release | Last release | Date of last release | License | Official web page
CopSSH Itefix Active 2009-01-16 3.0.1 2009-10-12 BSD CopSSH
Dropbear Matt Johnston Active 2003-04-06 [1] 0.52 2008-11-12 MIT Dropbear
F-Secure SSH Server F-Secure  ? 2004? commercial
freeSSHD Kresimir Petri  ? 1.2.6 2009-??-??  ? [1]
KpyM KpyM Active 1.18 2009-08-01 [2] BSD [2]
lsh Niels Möller Active 1999-05-23 [3] 2.9-exp 2007-04-04 GPL LSH
OpenSSH The OpenBSD project Active 1999-12-01 5.3 2009-10-01[4] BSD OpenSSH
Reflection for Secure IT Attachmate Active 7.1 commercial [3]
Tectia SSH Communications Security Active 1995 6.1 commercial SSH Communications Security
VShell server VanDyke Software, Inc. Active 1995 3.6 2009-12-10 commercial VanDyke VShell

Platform

The operating systems or virtual machines the SSH servers are designed to run on without emulation; there are several possibilities:

  • No indicates that it does not exist or was never released.
  • Partial indicates that while it works, the server lacks important functionality compared to versions for other OSs but may still be under development.
  • Beta indicates that while a version is fully functional and has been released, it is still in development (e.g. for stability).
  • Yes indicates that it has been officially released in a fully functional, stable version.
  • Dropped indicates that while the server works, new versions are no longer being released for the indicated OS; the number in parentheses is the last known stable version which was officially released for that OS.
  • Included indicates that the server comes pre-packaged with or has been integrated into the operating system.

The list is not exhaustive, but rather reflects the most common platforms today.

Name | Mac OS X | Mac OS Classic | Windows | Cygwin | BSD | Linux | Solaris | Palm OS | Java | OpenVMS | Windows Mobile | IBM z/OS | AmigaOS | AIX | HPUX | iPhone / iPod Touch | WebOS
CopSSH | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No
Dropbear | Yes | No | No | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | Yes
lsh | Yes | No | No | No | Partial | Yes | Yes | No | No | No | No | No | No | No | No | No | No
OpenSSH | included | No | Yes | included | included | included | Yes | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes
KpyM | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No
freesshd | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No

  • lsh supports only one BSD platform officially, FreeBSD.[citation needed]
  • The majority of Linux distributions have OpenSSH as an official package, but a few do not.
  • Openssh 3.4 was the first release included since AIX[citation needed]
  • Unless otherwise noted, iPhone refers to non-jailbroken devices.
  • [4]
  • Only for jailbroken devices.
  • OpenSSH and Dropbear are available as optware packages installed by PreWare (maintained by WebOS-Internals.org)

Features

Name | SSH1 | SSH2 | Port forwarding | SFTP | SCP | Compatible with OpenSSH authorized keys | Privilege separation
CopSSH | Yes | Yes | Yes | Yes | Yes | Yes | Yes[5]
Dropbear (software) | No | Yes | Yes | No | No[6] | Yes | ??
Lsh | No | Yes | Yes | Yes | Yes | ?? | ??
OpenSSH | Yes | Yes | Yes | Yes | Yes | Yes | Yes[7]

socks5 proxy server


Antinat

For UNIX-like environments, Antinat uses the autoconf system to provide "./configure && make && make install" style compilation.

However, you will need to have installed expat (including expat-devel) in order to compile. If the configure script is unable to locate your installation of expat, you may need to specify it on the command line:

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib"
The only compiler being supported on UNIX is gcc, version 2.95.3 or newer. If you use a different compiler and encounter compilation problems, by all means send in patches or bug reports, but there is no guarantee that compilation will always work with your compiler.

If you wish to include verbose output in your build, use the --with-feedback switch to configure; if you want compilation warnings turned on (gcc only!) use --with-warnings.

IPv6 is not compiled by default. If you want to include it (and know what you're doing) use --with-ipv6. Note that IPv6 support is incomplete (no filtration) and not well tested. You have been warned.

 

ss5

Description
SS5 is a socks server that implements the SOCKS v4 and v5 protocol. As a proxy server, SS5 authenticates, profiles and processes network requests for clients. It establishes connections to application hosts for client applications. When the client attempts to access the network, the client connects to the SS5 daemon instead of the application host.

Following authentication, clients request that SS5 perform network activities for the client. The activities might include:
Connect
Bind
Udp Associate
The SS5 protocol is independent of application protocols, and can assist with different networking services, including telnet, ftp, finger, whois, gopher, and WWW access.

 

socks5-v1.0r11

 

EveryThing:

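Starts at boot; no more worrying about not being able to find things because the disk is too big and software is scattered everywhere.

 

myBase :

A must-have for work and life: note-taking software. CyberArticle, which I used before, I now rarely use.

 

Total Commander:

Compared with the Explorer that ships with Windows it is of course many, many times better, though I am not yet fluent with it. A few reasons it is good to use:

1) It can show multiple panes; two instead of one is a straight doubling, and copying between them becomes very convenient.

2) Shortcut keys can be defined to view and edit files directly; these two are the most frequently used operations.

3) Batch renaming and similar operations: not used often, but handy when it counts.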

 

About this Archive

This page is an archive of recent entries in the Soft category.
