最初,我的问题是“可以使用私有网络上的 mysql 主服务器和互联网上的从服务器进行复制吗?”但后来意识到问题出在隧道上,而不是复制上。
简单介绍一下:我们在办公室的私人内联网上托管我们的网站和电子邮件,并希望在互联网上复制 mysql,以防我们的网络出现故障。这主要用于电子邮件。
我已经尝试并搜索过(这没有提供任何帮助,而且我拥有所有静态IP),并且没有发现任何可以帮助我解决这个问题的东西。
我在私有内联网上有一个主 mysql 服务器,在内联网上有一个从属服务器,在互联网上有一个从属服务器。路由器上的端口转发到主服务器,因此从本质上讲,主服务器是面向互联网的。
我曾尝试过用
autossh -M 0 -q -f -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -L 4444:localhost:22 user@public_ip_for_office
但得到的结果 SYN_SENT
lsof -i -n | grep ssh
ssh 7616 root 3u IPv4 147357 0t0 TCP Remote_ip:42602->Public_IP_for_office:ssh (SYN_SENT)
并且它从未建立。到目前为止,复制是不可能的,因为我没有活动隧道。(本地从属已设置并正确复制。)
有人以前做过同样的事情吗?可以解释一下吗?
根据@Aroly7:
sshd_配置
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
“ssh -vvv -L 40648:127.0.0.1:3306”的输出[电子邮件保护]“
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "98.x.x.x" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 98.x.x.x [98.x.x.x] port 22.
ssh 的输出[电子邮件保护]-p 40648 -v -L 40648:127.0.0.1:3306
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 98.x.x.x [98.x.x.x] port 40648.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 98.x.x.x:40648 as 'ktc_admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:nFnH4JaVGkI5z9a7X6cLHpvXxC2Lq9d5/jV+9y8L07U
debug1: Host '[98.x.x.x]:40648' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:YVTsXDSIQbkoTlTBWDX3Ar3oD8ct8HNHamEolnQko4Y /root/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
duthenticated to 98.x.x.x ([98.x.x.x]:40648).
debug1: Local connections to LOCALHOST:40648 forwarded to remote address 127.0.0.1:3306
debug1: Local forwarding listening on ::1 port 40648.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 40648.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = C.UTF-8
更新
我目前有以下内容:
用户@邮件:~# lsof -i -n | grep ssh
sshd 945 user 3u IPv4 19213 0t0 TCP *:ssh (LISTEN)
sshd 945 user 4u IPv6 19224 0t0 TCP *:ssh (LISTEN)
sshd 9829 user 3u IPv4 170078 0t0 TCP 142.x.x.x:ssh->98.x.x.x:46008 (ESTABLISHED)
sshd 9910 user 3u IPv4 170163 0t0 TCP 142.x.x.x:ssh->98.x.x.x:46018 (ESTABLISHED)
sshd 18444 user 3u IPv4 259519 0t0 TCP 142.x.x.x:ssh->98.x.x.x:40196 (ESTABLISHED)
ssh 18607 user 3u IPv4 260946 0t0 TCP 142.x.x.x:37814->98.x.x.x:40648 (ESTABLISHED)
ssh 18607 user 4u IPv6 260957 0t0 TCP [::1]:40648 (LISTEN)
ssh 18607 user 5u IPv4 260958 0t0 TCP 127.0.0.1:40648 (LISTEN)
ssh 18751 user 3u IPv4 262884 0t0 TCP 142.x.x.x:50590->98.x.x.x:ssh (SYN_SENT)
ssh 18756 user 3u IPv4 262029 0t0 TCP 142.x.x.x:50594->98.x.x.x:ssh (SYN_SENT)
ssh 18758 user 3u IPv4 262042 0t0 TCP 142.x.x.x:50596->98.x.x.x:ssh (SYN_SENT)
ssh 18763 user 3u IPv4 262925 0t0 TCP 142.x.x.x:50598->98.x.x.x:ssh (SYN_SENT)
我已经成功创建了隧道,但无法访问内联网上的服务器上的 mysql - 我想是因为我在这里启用了 unix-socket-only 登录?
答案1
从您的问题来看,我认为您想将主服务器上的端口绑定到从服务器上的 MySQL 端口。
正确的语法是-L $local_port_to_bind:127.0.0.1:$mysql_port_on_slave
然后尝试通过以下方式连接到从站mysql --host=127.0.0.1 --port=$local_port_to_bind -u$User -p
如果问题仍然存在,请提供 sshd_config 和详细 ssh 命令的输出。
好的,最后正确的 autossh 命令将是autossh -M 0 -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -L 40648:127.0.0.1:3306 -p 4444 user@public_ip_for_office
答案2
感谢 Arol7 为我指明正确的方向!
我成功创建了隧道:
autossh -M 0 -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -L 4444:127.0.0.1:3306 -p 40648 [email protected] -f
注意后面的 -f 将其发送到后台
一旦我获得了隧道的正确参数,设置从站就很容易了