I cannot establish an SSH tunnel from inside a Docker container

Up to now I have had a home server that uses this technique so that I can reach it from outside my home.

But now I have a different requirement: I want to do the same thing from a Docker container running inside my home server. However, when I try to connect through the tunnel, I get a connection refused error.

So, to set this up, I have an online VPS and my home server. Inside my home server I have a running container. I exchanged public keys between the VPS and the container by configuring each other's authorized_keys files correctly. I have confirmed that I am running the container with -p 22:22 and that no SSH service is running outside the container that could be using host port 22.

Then I run the following command inside the container:

$ ssh -vvvfN -oStrictHostKeyChecking=no -R 20007:localhost:22 [email protected]

Then I type this on my VPS, and this is the output:

$ ssh -vvv container_user@localhost -p 20007
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 20009
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 20009.
debug1: Connection established.
debug1: identity file /home/raspi/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/raspi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
ssh_exchange_identification: Connection closed by remote host

Now, when I check the container's log, this is what I see:

debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: remote forward success for: listen 20007, connect localhost:22
debug1: All remote forwarding requests processed
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 20007, originator 127.0.0.1 port 60364
debug2: fd 7 setting O_NONBLOCK
debug2: fd 7 setting TCP_NODELAY
debug1: connect_next: host localhost ([::1]:22) in progress, fd=7
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 0: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug3: channel 0: waiting for connection
debug1: channel 0: connection failed: Connection refused
debug2: fd 8 setting O_NONBLOCK
debug2: fd 8 setting TCP_NODELAY
debug1: connect_next: host localhost ([127.0.0.1]:22) in progress, fd=8
debug3: channel 0: waiting for connection
debug1: channel 0: connection failed: Connection refused
connect_to localhost port 22: failed.
debug2: channel 0: zombie
debug2: channel 0: garbage collecting
debug1: channel 0: free: 127.0.0.1, nchannels 1
debug3: channel 0: status: The following connections are open:

Bear in mind that all of these steps work perfectly when run outside the container, but somehow, inside the container, the VPS cannot establish a connection through the tunnel...

Edit: this is the code the container uses to establish the tunnel with the remote server:

FROM ubuntu:16.04

RUN apt-get update && apt-get install -y ssh htop nano autossh

# Public key of the remote server, so the VPS can log in to the container.
# COPY only expands variables declared with ENV, so $HOME would be empty here;
# the ubuntu image runs as root, hence the literal /root/.ssh/ (this also creates
# the directory ssh-keygen writes into below).
COPY authorized_keys /root/.ssh/

# Generate the container's key pair and print the public half so it can be
# pasted into ~/.ssh/authorized_keys on the cloud server.
RUN ssh-keygen -f $HOME/.ssh/id_rsa -t rsa -N '';                                             \
    echo '=======SAVE THIS KEY TO ~/.ssh/authorized_keys in the Cloud Server=======';         \
    cat $HOME/.ssh/id_rsa.pub;                                                                \
    echo '========================================================================='

RUN sleep 20 # Give me time to put the key in the cloud server

# -R 20009:localhost:22  : the VPS listens on 20009; when a connection arrives, the
#                          ssh client dials localhost:22 from inside this container.
# -oStrictHostKeyChecking=no : accepts any host key from the VPS (no MITM check).
# -f is not used here: a forked ssh would let "sh -c" exit and stop the container,
# so ssh stays in the foreground as the container's main process.
RUN echo "/usr/bin/ssh -vvvN -oStrictHostKeyChecking=no -R 20009:localhost:22 [email protected]" > $HOME/connect.sh; \
    chmod 755 $HOME/connect.sh

EXPOSE 22
EXPOSE 20009
CMD ["sh", "-c", "$HOME/connect.sh"]

This Dockerfile:

  • generates a key pair,
  • stores the remote server's public key,
  • waits 20 seconds so I can put that key into the remote server's authorized_keys,
  • then opens the tunnel.

As you can see from the error message, it does not work well. But if I perform these exact same steps on a physical machine instead of in a container, it works fine...
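As an added example (not part of the original question, and not code from OpenSSH or Docker), the POSIX shell helpers below classify `ssh -v` output like the container log above and pull out the forward target. The point they make visible: with `-R`, only the listen half of the forward lives on the VPS; the connect half (`localhost:22`) is dialed by the ssh client process itself, so inside a container it means the container's own loopback interface, not the Docker host's. `target_listening` is a pre-flight check meant to run inside the container before `ssh -R` is started. The sample log lines are constructed from the output in the question.

```shell
#!/bin/sh
# Added example: classify ssh -v output for a reverse tunnel and check the
# forward target. Not from the original post.

# Constructed sample, modelled on the container log in the question.
SAMPLE_LOG='debug1: remote forward success for: listen 20007, connect localhost:22
debug1: client_request_forwarded_tcpip: listen localhost port 20007, originator 127.0.0.1 port 60364
debug1: channel 0: connection failed: Connection refused
connect_to localhost port 22: failed.'

# diagnose_tunnel LOGTEXT -> prints one word:
#   listen-failed  : the VPS refused the -R listen request
#   target-refused : listen is up on the VPS, but the client side could not reach
#                    the forward target (the case in the question)
#   ok             : listen is up and no connect failure was logged
#   unknown        : none of the markers found
diagnose_tunnel() {
    log="$1"
    if printf '%s\n' "$log" | grep -q 'remote port forwarding failed'; then
        echo listen-failed
    elif printf '%s\n' "$log" | grep -q 'connect_to .* failed\.'; then
        echo target-refused
    elif printf '%s\n' "$log" | grep -q 'remote forward success'; then
        echo ok
    else
        echo unknown
    fi
}

# forward_target LOGTEXT -> the host:port the ssh client dials when a forwarded
# connection arrives. With -R this is resolved by the client, i.e. inside the
# container, which is why "localhost" is the container's loopback.
forward_target() {
    printf '%s\n' "$1" \
      | sed -n 's/.*remote forward success for: listen [0-9]*, connect \([^ ]*\)$/\1/p' \
      | head -n 1
}

# target_listening HOST PORT -> exit 0 if something accepts TCP connections there,
# 1 if not, 2 if neither nc nor ss is available. Run this inside the container
# before starting the tunnel; minimal images often lack nc, so ss is the fallback.
target_listening() {
    host="$1"; port="$2"
    if command -v nc >/dev/null 2>&1; then
        nc -z "$host" "$port" >/dev/null 2>&1
    elif command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$port\$"
    else
        return 2
    fi
}

# Usage: diagnose the sample and, if the target was refused, show what to check.
if [ "$(diagnose_tunnel "$SAMPLE_LOG")" = target-refused ]; then
    target="$(forward_target "$SAMPLE_LOG")"
    echo "forward target is $target; verify a listener exists on the client side:"
    echo "  target_listening ${target%:*} ${target##*:}"
fi
```

The split between the two halves of the forward is the useful check: a successful `remote forward success` line only proves the VPS accepted the listen, while `connect_to ... failed.` is logged by the client and points at whatever host resolves `localhost` for the ssh process.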