通过代理命令与虚拟私有云的 SSH 连接超时,但通过公共主机不会超时

通过代理命令与虚拟私有云的 SSH 连接超时,但通过公共主机不会超时

我在 AWS 中有一个主机,它有公共 DNS,bastion-prod,我可以从本地计算机通过 SSH 连接到它,没有任何问题。从那里,我可以通过 SSH 连接到虚拟私有云中的主机 reports-prod。但是,当我尝试通过本地计算机的代理命令直接通过 SSH 连接到 reports-prod 时,请求超时。在这两种情况下,我都使用相同的密钥。以下是 SSH 和我的 SSH 配置的详细输出。发生了什么?谢谢帮助!

SSH 配置

Host "bastion-prod"
  HostName <removed the actual public IP>
  User <removed the actual username>
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ~/.ssh/Private_Key.pem

Host "reports-prod"
  HostName <removed the actual private IP>
  User <removed the actual username>
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ~/.ssh/Private_Key.pem
  ProxyCommand ssh -W %h:%p bastion-prod

详细 SSH 输出

$ ssh -vvv -F ~/.ssh/config_prod reports-prod
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/username/.ssh/config_prod
debug1: /Users/ibernshteyn/.ssh/config_prod line 155: Applying options for reports-prod
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -W 10.0.11.51:22 bastion-prod
debug1: permanently_drop_suid: 503
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/username/.ssh/Private_Key.pem" as a RSA1 public key
debug1: identity file /Users/username/.ssh/Private_Key.pem type -1
debug1: identity file /Users/username/.ssh/Private_Key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh: connect to host 52.0.37.205 port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

编辑1 说到这里,有趣的是最后两行

ssh: connect to host 52.0.37.205 port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

为什么我没有明确尝试连接到 52.0.37.205 时会超时?这不是任何主机的 IP。不过,bastion-prod IP 确实以 52 开头。

答案1

从非默认 SSH 配置文件 (config_prod) 读取 SSH 配置时出现了某种问题。我将所有内容放入默认“config”文件中,并删除 -F 标志,一切正常。

相关内容