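I have two systems:
A personal MacOS laptop called system-Laptop, with user laptopuser. It has no "NAT".
A Linux server called system-Server, with user serveruser, with a static IP that anyone can connect to.
system-Server needs to send ssh commands to system-Laptop using a reverse SSH tunnel, as system-Laptop gets a dynamic IP and has no "NAT".
Below is how I set up ssh-keys and reverse SSH.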
Step 1: Generate a key pair for laptopuser on system-Laptop, and copy the public key id_rsa.pub to its own ~/.ssh/authorized_keys as well as to system-Server at <serveruserhomedir>/.ssh/authorized_keys
Step 2: Generate a key pair for serveruser on system-Server, and copy the public key id_rsa.pub to its own ~/.ssh/authorized_keys as well as to system-Laptop at <laptopuserhomedir>/.ssh/authorized_keys
Note: I am able to successfully test this command on system-Laptop -> ssh serveruser@system-Server
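Step 3: Run the following command on system-Laptop to keep the ssh tunnel up:
ssh -N -R 3322:localhost:22 serveruser@system-Server
Step 4: Run the following command to connect from the Linux server to my laptop:
ssh -p 3322 laptopuser@localhost
The problem is that the above command prompts for a password, and once I provide the laptopuser password, it works.
How can I make the above work passwordless using ssh keys? What am I missing? This is my first time doing this [reverse-ssh], so I have no idea.
Below is the debug output of the Step 4 ssh command: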
ssh -p 3322 laptopuser@localhost
.......
.......
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/serveruser/.ssh/id_rsa (0x56539b783370)
debug2: key: /home/serveruser/.ssh/id_dsa ((nil))
debug2: key: /home/serveruser/.ssh/id_ecdsa ((nil))
debug2: key: /home/serveruser/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/serveruser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/serveruser/.ssh/id_dsa
debug3: no such identity: /home/serveruser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/serveruser/.ssh/id_ecdsa
debug3: no such identity: /home/serveruser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/serveruser/.ssh/id_ed25519
debug3: no such identity: /home/serveruser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
[serveruser@system-Server ~]$ ls -ltr /home/serveruser/.ssh/id_rsa
-rw------- 1 serveruser serveruser 3243 Jan 15 21:01 /home/serveruser/.ssh/id_rsa
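Answer 1
First, the easiest way to copy SSH keys is to use the ssh-copy-id command. Do this for both users.
Second, to create the reverse tunnel, use the following command (run on the laptop):
ssh -fnN -R 3322:localhost:22 serveruser@system-server
Finally, connect to the tunneled service. If ssh-copy-id was done earlier, no password will be asked. Run the following command on system-Server to start a new SSH session from the remote Linux server to the laptop.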
ssh -p 3322 laptopuser@localhost
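
The debug output in the question shows system-Server offering /home/serveruser/.ssh/id_rsa and the laptop's sshd refusing it before falling back to a password prompt. The shell function below is an added example (not part of the original question or answer) that checks two common reasons for such a refusal on the target account: the public key is not listed in authorized_keys, or, assuming sshd's default StrictModes setting, the home directory, ~/.ssh or authorized_keys is group- or world-writable. The function name, the throwaway directory and the key blob are constructed for illustration.

```shell
#!/bin/sh
# Usage: check_authorized_key PUBKEY_FILE TARGET_HOME
# Returns 0 when the key is listed and no checked path is group/world-writable.
# File ownership, which sshd also verifies, is not checked here.
check_authorized_key() {
    pub=$1; home=$2; rc=0
    auth="$home/.ssh/authorized_keys"
    # Field 2 of a .pub file is the base64 key blob; matching on it ignores
    # the trailing comment and any options prefixed in authorized_keys.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    if [ -z "$blob" ]; then
        echo "FAIL: no key found in $pub"; return 2
    fi
    if [ ! -f "$auth" ]; then
        echo "FAIL: $auth does not exist"; rc=1
    elif ! grep -qF -- "$blob" "$auth"; then
        echo "FAIL: key from $pub is not listed in $auth"; rc=1
    fi
    # Assumption: StrictModes is on (the sshd default), so a group- or
    # world-writable path makes sshd ignore authorized_keys.
    for p in "$home" "$home/.ssh" "$auth"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $p is group- or world-writable"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: key listed and permissions acceptable"
    return "$rc"
}

# Constructed demo: a throwaway "laptop" home and a made-up public key.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh"
echo "ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEYBLOB serveruser@system-Server" > "$demo/id_rsa.pub"
cp "$demo/id_rsa.pub" "$demo/home/.ssh/authorized_keys"
chmod 755 "$demo/home"; chmod 700 "$demo/home/.ssh"
chmod 664 "$demo/home/.ssh/authorized_keys"    # deliberately too permissive
check_authorized_key "$demo/id_rsa.pub" "$demo/home" || true
chmod 600 "$demo/home/.ssh/authorized_keys"    # corrected mode
check_authorized_key "$demo/id_rsa.pub" "$demo/home" || true
rm -rf "$demo"
```

On the laptop it would be called with a copy of serveruser's id_rsa.pub and laptopuser's home directory.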