我有一台本地主机L和两台远程服务器S0和S2。我可以获取要转发到的 ssh 密钥S0,但不能转发到S2。出了什么问题?详情见下文:
L = dev29
S0 = testserver0
S2 = testserver2
在本地计算机上dev29:
[user@dev29 ~]$ head ~/.ssh/config
Host testserver0
IdentityFile ~/.ssh/id_rsa_liberty
ForwardAgent yes
Host testserver2
IdentityFile ~/.ssh/id_odmi_dev_2019_rsa
ForwardAgent yes
[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ls -l ~/.ssh/id_rsa_liberty ~/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1823 Jul 14 12:11 /home/user/.ssh/id_odmi_dev_2019_rsa
-rw------- 1 user user 1675 Apr 22 2013 /home/user/.ssh/id_rsa_liberty
转发至 S0 的工作原理:
[user@dev29 ~]$ ssh backoffice@testserver0
Last login: Sun Jul 14 20:39:50 2019 from <X.Y.Z>
[backoffice@vs3234 ~]$ ssh-add -l
2048 f1:e9:e7:d6:b3:21:de:94:54:af:c6:42:48:2f:01:e3 user@dev29 (RSA)
[backoffice@vs3234 ~]$ cat /etc/redhat-release
CentOS release 6.10 (Final)
[backoffice@vs3234 ~]$ exit
logout
Connection to testserver0 closed.
转发至 S2 不会:
[user@dev29 ~]$ ssh-add -l
2048 SHA256:MdVraEQBZBO2iEGVKVWqN4w+h8CP2iPXIlzQhU65RpE user@dev29 (RSA)
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:09 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.
看起来没有任何本地配置文件阻止代理转发:
[user@dev29 ~]$ ssh -vvv testserver2 2>&1 | grep 'Reading config'
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
[user@dev29 ~]$ cat /home/user/.ssh/config /etc/ssh/ssh_config /etc/ssh/ssh_config.d/05-redhat.conf /etc/crypto-policies/back-ends/openssh.config | grep -i forwardagent
ForwardAgent yes
ForwardAgent yes
ForwardAgent yes
# ForwardAgent no
[user@dev29 ~]$ cat /etc/redhat-release
Fedora release 29 (Twenty Nine
从侧面看testserver2,sshd_config似乎还不错,重新启动sshd似乎没有帮助:
[user@testserver2 ~]$ sudo grep -i agentforw /etc/ssh/sshd_config
#AllowAgentForwarding yes
AllowAgentForwarding yes
[user@testserver2 ~]$ sudo service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[user@testserver2 ~]$ cat /etc/redhat-release
Fedora release 29 (Twenty Nine)
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ssh testserver2
Last login: Sun Jul 14 21:04:22 2019 from 10.137.0.48
[user@testserver2 ~]$ ssh-add -l
The agent has no identities.
可能存在多个 ssh-agent 实例运行,如https://unix.stackexchange.com/questions/528360/ssh-agent-forwarding-troubleshooting,似乎不是问题:
[user@testserver2 ~]$ ps xaf | grep ssh-agent | grep -v grep
770 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
[user@testserver2 ~]$ exit
logout
Connection to testserver2 closed.
[user@dev29 ~]$ ps xaf | grep ssh-agent | grep -v grep
714 ? Ss 0:00 \_ /usr/bin/ssh-agent /etc/X11/xinit/Xclients
有什么建议么?