Java
通過 Jumphost 使用 SSH 隧道的 Java KVM 控制台
我正在嘗試通過 SSH 隧道使用 KVM 控制台,但出現連接被拒絕 Java 錯誤。這是我正在做的事情:
在我的 Macbook 上,我正在使用以下命令通過 jumphost 建立到遠端伺服器的 SSH 隧道:
ssh -L 1234:TARGET_SERVER:443 jumphost.foo.com接下來我通過以下方式連接到遠端伺服器的 GUI:https ://127.0.0.1:1234
一切都很好。我登錄到伺服器,點擊 Java KVM 控制台按鈕,我的瀏覽器下載 viewer.jnlp 小程序。在 jnlp 文件中,所有 HTTPS 引用列表https://127.0.0.1:443並且在執行此 jnlp 文件時,Java 會返回一條錯誤消息:
無法啟動應用程序
因此,我使用 VI 進入文件,並將所有埠 443 設置更改為埠 1234。現在所有內容都引用https://127.0.0.1:1234。然後我再次執行 JNLP 文件(使用 javaws),我得到了某個地方。我首先收到關於這是一個不受信任的連接的消息,我應該繼續嗎?我選擇繼續。接下來它下載 KVM 應用程序,下一條消息是:你想執行這個應用程序嗎?所以我選擇執行。
這是當 Java 失敗並在 Java 控制台日誌中有效地顯示連接被拒絕的時候。我認為問題可能與 SSH 隧道有關,但我無法弄清楚我需要做什麼才能糾正問題。我需要使用隧道通過 Jumphost 執行 Java JNLP,並且知道解決方案是什麼;還可以訪問離線且只能通過 IPMI 連接訪問的遠端伺服器。
Java 控制台日誌:
--Java Web Start 11.191.2.12 x86_64 Using JRE version 1.8.0_191-b12 Java HotSpot(TM) 64-Bit Server VM User home directory = /my/homedir ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message m: print memory usage o: trigger logging p: reload proxy configuration q: hide console r: reload policy configuration s: dump system and deployment properties t: dump thread list v: dump thread stack 0-5: set trace level to <n> ---------------------------------------------------- Missing Application-Name manifest attribute for: https://127.0.0.1:1234/software/avctNuova.jar.pack.gz MAC OS X KVM/VM Client Version: 5.04.02 (Build 192) replace numpad replace numpad ** Max Size: W = 1920 H = 976 ** Window Pref Size: W = 1024 H = 812 ** Max Size: W = 1920 H = 976 ** Window Pref Size: W = 1024 H = 812 JNLPClassLoader: Finding library libVMAPI_DLL.dylib JNLPClassLoader: Finding library libjawt.dylib JNLPClassLoader: Finding library libavctKVMIO.dylib Try again with the reduced mode protocol list Already tried the reduced mode protocol list, quitting java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at java.net.Socket.connect(Socket.java:538) at java.net.Socket.<init>(Socket.java:434) at java.net.Socket.<init>(Socket.java:211) at com.avocent.protocol.apcp.ProtocolAPCP.createBasicSocket(Unknown Source) at com.avocent.protocol.apcp.ProtocolAPCP.getAvspSocket(Unknown Source) at com.avocent.protocol.apcp.ProtocolAPCP.getAvspPrimarySocket(Unknown Source) at com.avocent.protocol.avsp.AvspKvmSession.connectToPort(Unknown Source) at com.avocent.protocol.avsp.AvspKvmSession.connectToPort(Unknown Source) at com.avocent.api.viewer.RPAPIClientViewer.sendConnectRequestToServer(Unknown Source) at com.avocent.api.viewer.RPAPIClientViewer.openViewerClient(Unknown Source) at com.avocent.app.kvm.DefaultViewerMainController.startSession(Unknown Source) at com.avocent.app.kvm.DefaultViewerMainController.startApp(Unknown Source) at com.avocent.nuova.kvm.CiscoViewerMainController.startApp(Unknown Source) at com.avocent.nuova.kvm.Main.runApp(Unknown Source) at com.avocent.nuova.kvm.Main.main(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.javaws.Launcher.executeApplication(Unknown Source) at com.sun.javaws.Launcher.executeMainClass(Unknown Source) at com.sun.javaws.Launcher.doLaunchApp(Unknown Source) at com.sun.javaws.Launcher.run(Unknown Source) at java.lang.Thread.run(Thread.java:748) CoreSessionListener : connection failed in CoreSessionListner : fireOnSessionStateChanged KVM session state SESSION_FAILED
您可能需要將此主機的異常添加到位於 JRE/JDK 路徑中的 java.security 文件中。如果您正在通過代理或在鏈中有任何類型的自簽名或非根受信任證書(或者您通過 http 而不是 https 訪問),那麼您需要告訴 Java 這樣做是可以的。