ssh隧道加密压缩方法 - SSH Tunnels Compression speed up PostgreSQL data transport in WAN environment

背景

一位海外的同事问我从国外抽取数据比较慢，有没有好的解决办法？

这个问题其实以前也遇到过，我是通过SSH建立隧道，并且开启协议压缩来解决，不过对于应用程序不太适用。

PostgreSQL的话，可以直接用SSL连接开启协议压缩，本文不讨论，可以参考我的相关文档。

《PostgreSQL 如何实现网络压缩传输或加密传输(openssl)》

《PostgreSQL ssl ciphers performance 比较》

《PostgreSQL SSL链路压缩例子》

《ssh隧道加密压缩方法 - a simple wan speed method》

本文讨论一下视野LINUX的SSH隧道实现压缩的方式。

正文

首先在本地服务器建立远程数据库服务器隧道 :

ssh -C -L 6666:127.0.0.1:1921 postgres@remote_ip  

在另外一个本地的Shell里面执行如下命令:

postgres@db-172-16-3-33-> date +%F%T;psql -h 127.0.0.1 -p 6666 -U postgres db_remote -c "copy schema.tbl_log to stdout" >./tbl_log.dmp;date +%F%T  
2011-06-2717:16:50  
2011-06-2717:17:08  

耗时18秒

不走隧道的话

postgres@db-172-16-3-33-> date +%F%T;psql -h remote_ip -p 1921 -U schema db_remote -c "copy schema.tbl_log to stdout" >./tbl_log2.dmp;date +%F%T  
2011-06-2717:20:06  
2011-06-2717:22:29  

耗时143秒

速度提升非常惊人.

参考

     -L [bind_address:]port:host:hostport  
             Specifies that the given port on the local (client) host is to be forwarded to the given host and port on  
             the remote side.  This works by allocating a socket to listen to port on the local side, optionally bound  
             to the specified bind_address.  Whenever a connection is made to this port, the connection is forwarded  
             over the secure channel, and a connection is made to host port hostport from the remote machine.  Port  
             forwardings can also be specified in the configuration file.  IPv6 addresses can be specified with an  
             alternative syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets.  
             Only the superuser can forward privileged ports.  By default, the local port is bound in accordance with  
             the GatewayPorts setting.  However, an explicit bind_address may be used to bind the connection to a spe-  
             cific address.  The bind_address of “localhost” indicates that the listening port be bound for local use  
             only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.  
  
     -C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP  
             connections).  The compression algorithm is the same used by gzip(1), and the “level” can be controlled  
             by the CompressionLevel option for protocol version 1.  Compression is desirable on modem lines and other  
             slow connections, but will only slow down things on fast networks.  The default value can be set on a  
             host-by-host basis in the configuration files; see the Compression option.  

LINUX :

linux 通过ssh代理上网

本网段上网需计费,想到通过另一网段的linux服务器做代理免费上网

前提是你有那台linux主机的帐户

然后打开终端输入

ssh -qTfnN -D 7070 user@host  

说明: user是你的帐号,host指对方linux主机的ip

-q Quiet mode. 安静模式，忽略一切对话和错误提示。  
-T Disable pseudo-tty allocation. 不占用 shell 了。  
-f Requests ssh to go to background just before command execution. 后台运行，并推荐加上 -n 参数。  
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). -f 推荐的，不加这条参数应该也行。  
-N Do not execute a remote command. 不执行远程命令，专为端口转发度身打造。  

然后在浏览器中

如果是firefox:安装autoproxy插件，在代理中选择SSH -D即可。默认情况下的配置就是7070端口，所以可以不用修改配置，否则在首选项中更改服务器设置。

如果是Chrome:安装proxy switchy扩展，添加Proxy Profile，在右侧的socks host中输入127.0.0.1和7070，下方选中socks v5，保存，然后切换至该profile即可。

其他

1. 《ssh隧道加密压缩方法 - a simple wan speed method》

digoal’s 大量PostgreSQL文章入口