在我的帮助下,ProxyCommand我设置了一些 ssh 收藏夹以方便使用:
host some_server
hostname some_server
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
ProxyCommand ssh frontserver1 -W %h:%p
host frontserver1
hostname frontserver1.url.tld
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
今天的frontserver1停机时间很长,但我也可以通过frontserver2或进行连接frontserver3。但是,我必须重新设置所有内容,等等some_server_via_front2。这将导致我想要访问的每个 Intranet 服务器(有很多)有 n 个条目,其中 n 是前端服务器的数量。
有更容易的方法吗?
我可以设置替代方案吗ProxyCommand?
类似于:如果ProxyCommand ssh frontserver1 -W %h:%p无法到达,则继续ProxyCommand ssh frontserver2 -W %h:%p,然后frontserver3,...
答案1
鉴于ssh_config手册所说:
ProxyCommand Specifies the command to use to connect to the server. The com- mand string extends to the end of the line, and is executed using the user's shell `exec' directive to avoid a lingering shell process.
您应该能够使用 shell 的逻辑 OR 运算符,因此:
host some_server
hostname some_server
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
ProxyCommand ssh frontserver1 -W %h:%p || ssh frontserver2 -W %h:%p || ssh frontserver3 -W %h:%p
host frontserver1
hostname frontserver1.url.tld
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
ConnectTimeout 5
host frontserver2
hostname frontserver1.url.tld
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
ConnectTimeout 5
host frontserver3
hostname frontserver1.url.tld
port 22
user some_user
IdentityFile /home/user/.ssh/id_rsa
ConnectTimeout 5
我冒昧地ConnectTimeout向每个代理主机添加了一条指令,这样最多需要十五秒才能最终通过列表中的第三个主机失败,而不是n乘以主机数量乘以主机上的默认 TCP 超时设置。