CN-117835453-B - System and method for realizing ssh operation and maintenance of edge equipment based on tunnel
Abstract
The invention relates to the technical field of IT and software development, in particular to a system and a method for realizing SSH operation and maintenance of edge equipment based on a tunnel. The second device is used for sending an SSH connection request to the first device, and is also used for establishing a tunnel connection with the first device after the first device accepts the SSH connection request sent by the second device. When the third device connects to the public network IP and port of the first device, it sends an SSH connection request to the second device through the tunnel connection established between the first device and the second device. The control device is used for issuing tasks to the second device and starting and stopping them, and is also used for controlling the establishment and teardown of the tunnel connection established between the first device and the second device. Through the cooperative operation of these devices, SSH login between the cloud and the edge is realized across different network planes and in scenarios without an Internet-facing port, so that the problem that the cost cannot be controlled is solved.
Inventors
- KONG FANYUN
Assignees
- 天翼云科技有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20231214
Claims (7)
- 1. A system for realizing the SSH operation and maintenance of edge equipment based on a tunnel, characterized by comprising a first device, a second device, a third device and a control device, wherein: the first device is arranged at a public network and/or a server side and is used for receiving an SSH (secure shell protocol) connection request sent by the second device; the second device is arranged in the edge environment of the target device and is used for sending an SSH connection request to the first device, and the second device is also used for establishing a tunnel connection with the first device after the first device accepts the SSH connection request sent by the second device; the third device is arranged in the external device and/or the management device and is used for sending an SSH connection request to the second device through the tunnel connection established between the first device and the second device when the third device connects to the public network IP (internet protocol) and port of the first device; the control device is arranged on a Master node of the Kubernetes cluster and is used for issuing tasks to the second device and starting and stopping them, and for controlling the establishment and teardown of the tunnel connection established between the first device and the second device; the first device is an nps (intranet penetration proxy server) server, arranged at a public network and/or a server, and the nps server is used for receiving and processing SSH (secure shell) connection requests at the public network and/or the server; the second device includes: an npc (intranet penetration proxy client) module, arranged in the edge environment of the target device, wherein the npc module is used for sending an SSH connection request to the nps server, and the npc module is also used for establishing a tunnel connection with the nps server after the nps server accepts the SSH connection request sent by the npc module; and an sshd (SSH service daemon) module, provided on the target device, the sshd module being used for receiving SSH connection requests from nps and npc; the control device is a k8s (short for Kubernetes) controller, arranged on a Master node of the Kubernetes cluster, the k8s controller is used for performing start-stop management on the Pod (container group) of the npc module, and the k8s controller is also used for controlling the established or torn-down state of the tunnel between the nps server and the npc module according to the Pod of the npc module.
- 2. The system for implementing SSH operation and maintenance of tunnel-based edge devices according to claim 1, wherein the third device is an Ssh-client (secure shell protocol client) module disposed in an external device and/or a management device, the Ssh-client module is configured to initiate an SSH connection request to the nps server, and the Ssh-client module is further configured to send an SSH connection request to the sshd module in the target device after a tunnel is established between the nps server and the npc module.
- 3. The system for implementing SSH operation and maintenance of tunnel-based edge devices according to claim 2, wherein the nps server is further configured, when receiving an SSH connection request sent by the Ssh-client module, to send the SSH connection request to the sshd module in the target device through the tunnel established between the nps server and the npc module.
- 4. The system for implementing SSH operation and maintenance of tunnel-based edge devices as claimed in claim 3, wherein said sshd module is further configured to accept the SSH connection request sent by said Ssh-client module through the tunnel established between said nps server and said npc module, and then to establish a communication connection with said Ssh-client module.
- 5. The system for implementing SSH operation and maintenance of tunnel-based edge devices of claim 4, wherein the Ssh-client module is an SSH connection request initiation program formed by one or more of MobaXterm, PuTTY, Xshell, etc.
- 6. A method for implementing the system for realizing SSH operation and maintenance of tunnel-based edge devices as claimed in any one of claims 1 to 5, comprising: installing and starting the nps server on the Master node of the Kubernetes cluster, and ensuring that the nps server runs on the Master node and listens on a specific port; configuring port forwarding rules on the nps server, and ensuring that the port configured on the nps server is port 22; controlling the k8s controller to dispatch the Pod of the npc module to the edge environment of the target device, and establishing a long connection with the nps server through the public network IP of the Master node of the Kubernetes cluster; and controlling the nps server to send an SSH connection request to the npc module of the target node through the corresponding long connection, and controlling the npc module to forward it to an Ssh-client module.
- 7. The implementation method of claim 6, wherein installing and starting the nps server on the Master node of the Kubernetes cluster and ensuring that the nps server runs on the Master node and listens on a specific port further comprises: setting the firewall policy to allow public network users to access the IP address and port of the nps server.
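The topology of claims 1 and 6 modelled end to end in Python, as an added example that is neither the patent's nor the nps project's code: an echo server standing in for the edge sshd, an nps with a bridge port and a public port, an npc that dials out and splices onto sshd, and an Ssh-client that reaches sshd only through the nps public port. Assumed simplifications: everything runs on loopback with ephemeral ports, each public connection consumes one queued npc connection instead of being multiplexed over a single long connection, and the client key that the real nps requires from npc is not modelled.

```python
import contextlib
import queue
import socket
import threading

HOST = "127.0.0.1"  # nps, npc and the sshd stand-in all run on loopback here (assumption)

def relay(src, dst):
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    finally:
        with contextlib.suppress(OSError):
            dst.shutdown(socket.SHUT_WR)

def splice(a, b):  # full-duplex splice, as nps and npc do per tunnelled stream
    threading.Thread(target=relay, args=(a, b), daemon=True).start()
    threading.Thread(target=relay, args=(b, a), daemon=True).start()

def serve(handler):
    """Listen on an ephemeral loopback port; each accepted socket goes to handler."""
    srv = socket.create_server((HOST, 0))
    def loop():
        while True:
            threading.Thread(target=handler, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def echo(conn):  # stand-in for the edge sshd (port 22 in claim 6): echo the peer
    with conn:
        while chunk := conn.recv(4096):
            conn.sendall(chunk)

def start_nps():
    """nps on the Master node: bridge port the edge npc dials into, public port mapped to sshd."""
    tunnels = queue.Queue()  # long connections held open by the edge npc
    bridge_port = serve(tunnels.put)
    public_port = serve(lambda client: splice(client, tunnels.get()))
    return bridge_port, public_port

def tunnel_roundtrip(payload):
    """Ssh-client view: send bytes to the nps public port, read the edge sshd's reply."""
    sshd_port = serve(echo)
    bridge_port, public_port = start_nps()
    # npc inside the edge Pod: dial out to nps, then splice onto the local sshd
    splice(socket.create_connection((HOST, bridge_port)), socket.create_connection((HOST, sshd_port)))
    with socket.create_connection((HOST, public_port)) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: client.recv(4096), b""))
```

Calling tunnel_roundtrip(b"uname -a\n") returns the same bytes after they have crossed nps and npc in both directions. Because the public port is spliced straight onto the edge sshd, the firewall opening of claim 7 is the exposure to scope: limit it to management source addresses rather than to all public network users.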
Description
System and method for realizing ssh operation and maintenance of edge equipment based on tunnel
Technical Field
The invention relates to the technical field of IT and software development, in particular to a system and a method for realizing SSH operation and maintenance of an edge device based on a tunnel.
Background
In recent years, with the rapid development of edge computing and the Internet of Things, scenarios with edge embedded boxes as computing nodes have become more and more common, and extending cloud native capability to the edge is a trend. Cloud native edge architectures such as KubeEdge have been widely applied to typical edge computing scenarios such as the Internet of Things, edge clouds and distributed clouds through their comprehensive 'cloud, edge and end integration' capability, and cover industries such as streaming, energy, traffic, manufacturing, retail, medical treatment, CDN and the like.
At present, a conventional k8s deployment is usually performed in a server cluster within a local area network, and anyone can easily log in to any server through ssh to perform operation and maintenance. However, in the maintenance of edge cloud equipment, a remote ssh login to the edge equipment is needed to troubleshoot faults, but because of the lack of public network IP resources and similar constraints, the edge equipment sits in a local area network sub-segment and cannot be reached by a communication request actively initiated from the server. Operation and maintenance in this scenario is usually done by dispatching personnel to operate on site, or by sending remote instructions to collect an operation log; but these approaches have unsatisfactory functionality, high personnel cost, or log information that is not detailed enough to locate the fault, and at the same time the inability of personnel to respond in time gives an extremely poor user experience.
In order to solve this pain point, the main methods adopted at present are command forwarding and binding a public network IP. Command forwarding sends the command to be executed from the network to the client through a C/S mechanism and returns the result to the server after the client executes the command. Binding a public network IP, while fully implementing ssh, is scarce and expensive, and is not conducive to cost control.
Disclosure of Invention
The invention aims to provide a tunnel-based system and a tunnel-based method for realizing SSH operation and maintenance of edge equipment, which embed an npc into a cloud native system in a Pod deployment mode, so that the fusion of ssh and cloud native is realized, ssh login between cloud and edge in different network planes and in a scenario without an Internet-facing port is realized, and the problem that the cost cannot be controlled in the background art is solved.
On one hand, the embodiment of the invention provides a system for realizing the SSH operation and maintenance of edge equipment based on a tunnel, which comprises a first device, a second device, a third device and a control device, wherein: the first device is arranged at the public network and/or the server side and is used for receiving the SSH connection request sent by the second device; the second device is arranged in the edge environment of the target device and is used for sending an SSH connection request to the first device, and the second device is also used for establishing a tunnel connection with the first device after the first device accepts the SSH connection request sent by the second device; the third device is arranged in the external device and/or the management device and is used for sending an SSH connection request to the second device through the tunnel connection established between the first device and the second device when the third device connects to the public network IP and port of the first device; the control device is arranged on a Master node of the Kubernetes cluster and is used for issuing tasks to the second device and starting and stopping them, and the control device is also used for controlling the establishment and teardown of the tunnel connection established between the first device and the second device.
Further, the first device is an nps server, disposed at a public network and/or a server, where the nps server is configured to accept and process SSH connection requests at the public network and/or the server.
Further, the second device includes: an npc module, configured to be disposed in the edge environment of the target device, where the npc module is configured to send an SSH connection request to the nps server, and the npc module is further configured to establish a tunnel connection with the nps server after the nps server accepts the SSH connection request sent by the npc module; and an sshd module, configured to be disposed on the target device, where the Ssh