我尝试通过 SSH 隧道使用 KVM 控制台,但收到连接被拒绝的 Java 错误。这是我正在做的事情:
在我的 Macbook 上,我使用以下命令通过跳转主机建立到远程服务器的 SSH 隧道:
ssh -L 1234:TARGET_SERVER:443 jumphost.foo.com
接下来我通过以下方式连接到远程服务器的 GUI:https://127.0.0.1:1234
一切都很好。我登录到服务器,单击 Java KVM 控制台按钮,我的浏览器会下载viewer.jnlp 小程序。 jnlp 文件内所有 HTTPS 引用列表https://127.0.0.1:443当运行这个 jnlp 文件时,Java 返回一个错误:
无法启动应用程序
因此,我使用 VI 进入该文件,并将所有端口 443 设置更改为端口 1234。现在所有内容都引用https://127.0.0.1:1234。然后我再次运行 JNLP 文件(使用 javaws),我已经得到了一些结果。我首先收到关于这是一个连接不受信任,我应该继续吗?我选择继续。接下来它会下载 KVM 应用程序,下一条消息是:你想运行此应用程序?所以我选择运行。
这是 Java 失败并在 Java 控制台日志中有效显示“连接被拒绝”的情况。我认为问题可能与 SSH 隧道有关,但我不知道需要做什么才能解决问题。我需要使用隧道通过 Jumphost 运行 Java JNLP,并且知道解决方案是什么;还可以访问离线且只能通过 IPMI 连接访问的远程服务器。
Java 控制台日志:
--Java Web Start 11.191.2.12 x86_64
Using JRE version 1.8.0_191-b12 Java HotSpot(TM) 64-Bit Server VM
User home directory = /my/homedir
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
Missing Application-Name manifest attribute for: https://127.0.0.1:1234/software/avctNuova.jar.pack.gz
MAC OS X
KVM/VM Client Version: 5.04.02 (Build 192)
replace numpad
replace numpad
** Max Size: W = 1920 H = 976
** Window Pref Size: W = 1024 H = 812
** Max Size: W = 1920 H = 976
** Window Pref Size: W = 1024 H = 812
JNLPClassLoader: Finding library libVMAPI_DLL.dylib
JNLPClassLoader: Finding library libjawt.dylib
JNLPClassLoader: Finding library libavctKVMIO.dylib
Try again with the reduced mode protocol list
Already tried the reduced mode protocol list, quitting
java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at java.net.Socket.connect(Socket.java:538)
at java.net.Socket.<init>(Socket.java:434)
at java.net.Socket.<init>(Socket.java:211)
at com.avocent.protocol.apcp.ProtocolAPCP.createBasicSocket(Unknown Source)
at com.avocent.protocol.apcp.ProtocolAPCP.getAvspSocket(Unknown Source)
at com.avocent.protocol.apcp.ProtocolAPCP.getAvspPrimarySocket(Unknown Source)
at com.avocent.protocol.avsp.AvspKvmSession.connectToPort(Unknown Source)
at com.avocent.protocol.avsp.AvspKvmSession.connectToPort(Unknown Source)
at com.avocent.api.viewer.RPAPIClientViewer.sendConnectRequestToServer(Unknown Source)
at com.avocent.api.viewer.RPAPIClientViewer.openViewerClient(Unknown Source)
at com.avocent.app.kvm.DefaultViewerMainController.startSession(Unknown Source)
at com.avocent.app.kvm.DefaultViewerMainController.startApp(Unknown Source)
at com.avocent.nuova.kvm.CiscoViewerMainController.startApp(Unknown Source)
at com.avocent.nuova.kvm.Main.runApp(Unknown Source)
at com.avocent.nuova.kvm.Main.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
CoreSessionListener : connection failed
in CoreSessionListner : fireOnSessionStateChanged
KVM session state SESSION_FAILED
答案1
您可能需要将此主机的例外添加到位于 JRE/JDK 路径中的 java.security 文件中。如果您正在通过代理或在链中拥有任何类型的自签名或非根信任证书(或者您通过 http 而不是 https 进行访问),那么您需要告诉 Java 可以这样做。