Ssh
用於通過反向 SSH 隧道連接到主機的 SSH 配置
我設置了一個反向 SSH 隧道來訪問
node1NAT 後面的節點。我已經設置了一個 EC2 實例,myEC2作為中介。從我的laptop,當我想訪問時node1,我必須通過 SSH 連接到 EC2 才能通過 SSH 連接到節點。工作流程是這樣的:
- 在
node1中,確保執行:ssh -i key.pem -R 3000:localhost:22 ubuntu@myEC2。這始終在服務中執行。- 從我
laptop的 SSH 到 EC2:ssh ubuntu@myEC2- 一旦進入 EC2:
ssh xavier@localhost -p 3000- 我進去了
node1!我正在尋找的是一種在 SSH 配置中表達該工作流程的方式,我可以使用它直接
node1從我的laptop. 這將幫助我node1通過 Visual Studio Code 的遠端 SSH 擴展進行訪問。我試過這樣的事情:
Host node1 Hostname myEC2 User ubuntu Port 3000 IdentityFile key.pem但這不起作用,我認為這是因為
Port應該22而不是3000. 我只是真的不知道如何表達工作流程。我已經調查過了ProxyJump,但我不確定這是否是我正在尋找的東西,老實說我也沒有成功。歡迎任何建議!=D
**編輯 #1:**在遵循 Stéphane 的建議後,我最終得到了一個 ssh_config 文件,如下所示:
Host myEC2 Hostname <myEC2_IP> User ubuntu Port 22 IdentityFile ec2_key.pem Host node1 Hostname localhost User xavier Port 3000 IdentityFile /path/to/node1-id_rsa ProxyJump ubuntu@myEC2雖然我可以毫無問題地通過 SSH 進入
myEC2,但我無法進入node1. 我的理解是,這應該等同於ssh -p 3000 -J ubuntu@myEC2 xavier@localhost. 任何幫助是極大的讚賞!這就是我通過將-v標誌添加到 SSH 得到的。xaviermerino@Xaviers-MBP .ssh % ssh doc debug1: Executing proxy command: exec ssh -l ubuntu -W '[localhost]:3000' myEC2 debug1: identity file node1-id_rsa type -1 debug1: identity file node1-id_rsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Connecting to myEC2 [myEC2_IP_ADDRESS] port 22. debug1: Connection established. debug1: identity file ec2_key.pem type -1 debug1: identity file ec2_key.pem-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000 debug1: Authenticating to myEC2_IP_ADDRESS:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/U4HE+zUBFNZJgxDM6lWDW7FX8GSHXWYc/fMEyOvMlw debug1: Host 'myEC2_IP_ADDRESS' is known and matches the ECDSA host key. debug1: Found key in /Users/xaviermerino/.ssh/known_hosts:226 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: ec2_key.pem explicit debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: ec2_key.pem debug1: Authentication succeeded (publickey). Authenticated to myEC2 ([IP_Address_Goes_Here]:22). debug1: channel_connect_stdio_fwd localhost:3000 debug1: channel 0: new [stdio-forward] debug1: getpeername failed: Bad file descriptor debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Remote: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding channel 0: open failed: connect failed: Connection refused stdio forwarding failed kex_exchange_identification: Connection closed by remote host我不確定這意味著什麼它與
sshd_configEC2 中的設置有關嗎?這就是我在那裡的:#AllowAgentForwarding yes #AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none編輯#2:有人關掉了電腦。現在可以了!總結一下,供任何正在研究此問題的人使用。為了解決這個問題,我需要:
Host myEC2 Hostname <myEC2_IP> User ubuntu Port 22 IdentityFile ec2_key.pem Host node1 Hostname localhost User xavier Port 3000 IdentityFile /path/to/node1-id_rsa ProxyJump ubuntu@myEC2就是這樣!謝謝@StephaneChazelas
您實際上是
myEC2用作跳轉主機。
node1您可以通過以下方式從筆記型電腦ssh :ssh -p 3000 -J ubuntu@myEC2 xavier@localhost相應的
ssh_config條目如下所示:Host node1 Hostname localhost User xavier Port 3000 IdentityFile key.pem ProxyJump ubuntu@myEC2請注意,
IdentityFile有一個用於驗證node1. 要為 指定一個myEC2,您需要為 使用另一個Host條目myEC2。