ssh 通过带有 corkscrew 的 http 代理失败

tag-icon tag-icon ssh proxy
ssh 通过带有 corkscrew 的 http 代理失败

我正在尝试使用 corkscrew 和 ~/.ssh/config 中的以下节通过 HTTP 代理通过 SSH 连接到远程服务器:

Host target
  ProxyCommand corkscrew proxy 80 remote.host.ip 443 ~/.ssh/proxyauth

其中;“proxy 80”是 HTTP 代理的 DNS 名称和端口,我的 ssh 服务器配置为监听 remote.host.ip 的端口 443,并且 proxyauth 文件包含访问 HTTP 代理所需的“user:password”。

我在客户端得到以下内容;

$ ssh target
ssh_exchange_identification: Connection closed by remote host

在服务器上,在 /var/log/auth.log 我得到;

Mar 12 13:16:32 hostname sshd[16029]: Did not receive identification string from x.x.x.x

看起来好像 SSH 客户端(OpenSSH)没有正确启动协议,或者代理以某种方式破坏了它,然后服务器关闭了连接。

我尝试过并排除的事情是;

  1. 使用与 ~/.ssh/config ProxyCommand 中相同的参数直接在客户端计算机上运行 corkscrew。这有效,并且我看到了服务器的 SSH 横幅广告协议和版本信息。因此,通过 HTTP 代理的基本连接有效,并且 SSHD 肯定可以访问(也可以通过查看服务器上的日志条目来证明)。

  2. 针对同一台服务器测试了客户端的密钥对,但主机不需要代理。测试结果正常,因此密钥对没有问题。

  3. 增加了SSH两端的日志记录,结果显示;

客户...

$ ssh -vvv target
OpenSSH_6.2p2, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/davisond/.ssh/config
debug1: /home/davisond/.ssh/config line 3: Applying options for home
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec corkscrew proxy 80 remote.host.ip 443 ~/.ssh/proxyauth
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/davisond/.ssh/id_rsa" as a RSA1 public key
debug1: permanently_drop_suid: 1000
debug1: identity file /home/davisond/.ssh/id_rsa type 1
debug1: identity file /home/davisond/.ssh/id_rsa-cert type -1
debug1: identity file /home/davisond/.ssh/id_dsa type -1
debug1: identity file /home/davisond/.ssh/id_dsa-cert type -1
debug1: identity file /home/davisond/.ssh/id_ecdsa type -1
debug1: identity file /home/davisond/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: Connection closed by remote host

并在服务器上;

Mar 12 13:23:49 hepburn sshd[20786]: debug1: Forked child 20997.
Mar 12 13:23:49 hepburn sshd[20997]: Set /proc/self/oom_score_adj to 0
Mar 12 13:23:49 hepburn sshd[20997]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Mar 12 13:23:49 hepburn sshd[20997]: debug1: inetd sockets after dupping: 3, 3
Mar 12 13:23:49 hepburn sshd[20997]: Connection from x.x.x.x port 22104
Mar 12 13:23:49 hepburn sshd[20997]: Did not receive identification string from x.x.x.x

有谁能提供一些指点,告诉大家下一步该怎么做才能使这项工作成功?

相关内容