将 frps 及 frps.ini 放到具有公网 IP 的机器上。

将 frpc 及 frpc.ini 放到处于内网环境的机器上。

通过 ssh 访问公司内网机器

  1. 修改 frps.ini 文件,这里使用了最简化的配置,设置了 frp 服务器端接收客户端流量的端口:
# frps.ini
[common]
bind_port = 7000
  1. 启动 frps:
./frps -c ./frps.ini
  1. 修改 frpc.ini 文件,假设 frps 所在服务器的公网 IP 为 x.x.x.x:
# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

注意,local_port(客户端侦听)和 remote_port(服务器端暴露)是用来出入 frp 系统的两端,server_port 则是服务器用来与客户端通讯的。

  1. 启动 frpc:
./frpc -c ./frpc.ini
  1. 通过 ssh 访问内网机器,假设用户名为 root:
[root@iZbp145axkc98giot5b448Z ~]# ssh -oPort=6000 root@xxxxxxxx
The authenticity of host '[xxxxxxxx]:6000 ([xxxxxxxx]:6000)' can't be established.
ECDSA key fingerprint is SHA256:1yHUa+RUgkHbNQ4znmazqK+Ogboet+f6pplQBSF7oos.
ECDSA key fingerprint is MD5:a7:d9:f4:94:0f:17:01:d8:3c:33:0f:fc:38:bb:67:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[xxxxxxxx]:6000' (ECDSA) to the list of known hosts.
root@xxxxxxxx's password:
Last login: Thu May  7 22:42:36 2020 from 192.168.180.1
[root@192 ~]#