我正在尝试使用 ssh 命令设置通过 AWS Session Manager 连接的代理(供 ansible 使用)。截至目前,我能够使用 AWS CLI 命令连接到我的虚拟机,如下所示
aws ssm start-session --target i-XXXXXXXXX
考虑到这一点,我尝试在 ssh 配置中设置 ProxyCommand,这与 AWS 推荐的相同
host i-* mi-*
ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p' --region eu-west-2"
现在变得很奇怪,看起来连接已经打开但它只是挂在那里,没有将输入重定向到虚拟机,也没有打印提示。
$ ssh i-XXXXXXXXXXXX -vvvvvvvvv
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/foo/.ssh/config
debug1: /home/foo/.ssh/config line 1: Applying options for i-*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec sh -c "aws ssm start-session --target i-XXXXXXXXXXXX --document-name AWS-StartSSHSession --parameters 'portNumber=22' --region eu-west-2"
debug1: permanently_drop_suid: 1000
debug1: identity file /home/foo/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification: Starting session with SessionId: botocore-session-1563202442-0d72a7be446ee1035
debug1: ssh_exchange_identification: \033[?1034hsh-4.2$
\033[Ksh-4.2$ SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: ssh_exchange_identification: sh: SSH-2.0-OpenSSH_7.6p1: command not found
debug1: ssh_exchange_identification: sh-4.2$
有什么想法吗?我在 Linux 和 Windows 上尝试了相同的配置,将 OpenSSH 更新到 8.x,但没有任何效果。
答案1
SSM 插件和代理版本
- 确保版本1.1.23.0或更高版本的 Session Manager 插件已安装。请参阅在 Amazon EC2 Linux 实例上手动安装 SSM 代理
- 确保 SSM 代理版本2.3.672.0或更高版本。请参阅在 Amazon EC2 Linux 实例上手动安装 SSM 代理