两步远程ssh无密码

两步远程ssh无密码

我正在寻找从本地主机到远程服务器的 ssh,然后从那里到远程计算机。我目前已对其进行设置,以便远程计算机和远程服务器在它们之间设置无密码 ssh-ing,但如果我从本地主机 ssh 进入服务器,然后尝试从那里 ssh 到计算机,我会得到:

Enter passphrase for key '/home/user/.ssh/id_dsa': 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).

如果我尝试从远程服务器上打开的终端 ssh 到远程计算机,它工作得很好。这是否与我的显示器不存在有关:0.0,或者完全是其他原因?我已经尝试过了xhost +local:,但已经迷失了。

谢谢

答案1

如果两个系统都有您本地系统使用的公钥-A

ssh(1)

-A      Enables forwarding of the authentication agent connection.  This
        can also be specified on a per-host basis in a configuration file.

另请注意此警告:

        Agent forwarding should be enabled with caution.  Users with the
        ability to bypass file permissions on the remote host (for the
        agent's UNIX-domain socket) can access the local agent through the
        forwarded connection.  An attacker cannot obtain key material from
        the agent, however they can perform operations on the keys that
        enable them to authenticate using the identities loaded into the
        agent.

结果是,当您针对第二个主机进行身份验证时,身份验证将一直转发回您实际驻留的主机。

例子:

me@host0:~ $ ssh -A host1
Last login: Thu Jun 14 11:31:53 2012 from 2001:db8::b0
me@host1:~ $ ssh -A host2
Last login: Thu Jun 14 11:41:05 2012 from 2001:db8::b1
me@host3:~ $ ssh -A host3
Last login: Tue Jun 12 10:46:50 2012 from 2001:db8::b2
me@host3:~ $ 

答案2

您的代理无法将身份验证传递到远程计算机。如果需要,您可以端口转发连接以直接连接到远程计算机。

这篇关于 SSH 多跳的文章并跳至有关部分ProxyCommand

~/.ssh/config

Host remotecomputername
  ProxyCommand ssh -q remoteservername nc -q0 remotecomputername 22

相关内容