如何修复我的 ssh 密钥未转发到特定服务器的问题

如何修复我的 ssh 密钥未转发到特定服务器的问题

我有一台本地主机L和两台远程服务器S0S2。我可以获取要转发到的 ssh 密钥S0,但不能转发到S2。出了什么问题?详情见下文:

L = dev29
S0 = testserver0
S2 = testserver2

在本地计算机上dev29

[user@dev29 ~]$ head ~/.ssh/config
Host testserver0
   IdentityFile ~/.ssh/id_rsa_liberty
   ForwardAgent yes

Host testserver2
   IdentityFile ~/.ssh/id_odmi_dev_2019_rsa
   ForwardAgent yes
[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ls -l ~/.ssh/id_rsa_liberty ~/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1823 Jul 14 12:11 /home/user/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1675 Apr 22  2013 /home/user/.ssh/id_rsa_liberty

转发至 S0 的工作原理:

[user@dev29 ~]$ ssh backoffice@testserver0
Last login: Sun Jul 14 20:39:50 2019 from <X.Y.Z>
[backoffice@vs3234 ~]$ ssh-add -l
2048 f1:e9:e7:d6:b3:21:de:94:54:af:c6:42:48:2f:01:e3 user@dev29 (RSA)
[backoffice@vs3234 ~]$ cat /etc/redhat-release 
CentOS release 6.10 (Final)
[backoffice@vs3234 ~]$ exit
logout
Connection to testserver0 closed.

转发至 S2 不会:

[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:09 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.

看起来没有任何本地配置文件阻止代理转发:

[user@dev29 ~]$ ssh -vvv testserver2 2>&1 | grep 'Reading config'
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
[user@dev29 ~]$ cat /home/user/.ssh/config /etc/ssh/ssh_config /etc/ssh/ssh_config.d/05-redhat.conf /etc/crypto-policies/back-ends/openssh.config | grep -i forwardagent
   ForwardAgent yes
   ForwardAgent yes
   ForwardAgent yes
#   ForwardAgent no
[user@dev29 ~]$ cat /etc/redhat-release 
Fedora release 29 (Twenty Nine

从侧面看testserver2sshd_config似乎还不错,重新启动sshd似乎没有帮助:

[user@testserver2 ~]$ sudo grep -i agentforw /etc/ssh/sshd_config
#AllowAgentForwarding yes
AllowAgentForwarding yes
[user@testserver2 ~]$ sudo service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[user@testserver2 ~]$ cat /etc/redhat-release 
Fedora release 29 (Twenty Nine)
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:22 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.

可能存在多个 ssh-agent 实例运行,如https://unix.stackexchange.com/questions/528360/ssh-agent-forwarding-troubleshooting,似乎不是问题:

[user@testserver2 ~]$ ps xaf | grep ssh-agent | grep -v grep
  770 ?        Ss     0:00              \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ps xaf | grep ssh-agent | grep -v grep
  714 ?        Ss     0:00              \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients

有什么建议么?

相关内容