SSH 通过 IP 工作,但通过名称

tag-icon tag-icon ssh
SSH 通过 IP 工作,但通过名称

一般背景:

我有一台带有多个 LXD 容器的服务器,并且在顶部有一个 HAPROXY,用于根据给定的 url 将流量重定向到良好的容器。

指向的容器是gitlab。

主服务器

端口 22 已开放

server# iptables -L -n |grep 22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

server# netstat -plnt | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2536/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      2536/sshd

Gitlab 服务器配置

gitlab# cat /etc/hosts
127.0.0.1       gitlab.pub-domain.com gitlab
127.0.0.1       localhost
127.0.1.1       s-302-gitlab # machine name
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

gitlab# cat /etc/resolv.conf 
search pub-domain.com
search priv-domain.ovh
nameserver 8.8.8.8

# netstat -tulpn | grep 22
tcp        0      0 127.0.0.1:9229          0.0.0.0:*               LISTEN      583/gitlab-workhors 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5094/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      5094/ssh

对所有数据进行 ping

在 gitlab 容器中启动并运行:

gitlab# # ssh -T https://[email protected]
https://[email protected]'s password:
gitlab# ssh -T https://[email protected]
https://[email protected]'s password:

现在转到另一台机器(为了简单起见,我们假设是服务器)并 ping :

server# ping pub-domain.com
PING pub-domain.com (31.7.xx.yy) 56(84) bytes of data.
64 bytes from 31.7.xx.yy (31.7.xx.yy): icmp_seq=1 ttl=64 time=0.588 ms
--- pub-domain.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

server# ping gitlab.pub-domain.com
PING pub-domain.com (31.7.xx.yy) 56(84) bytes of data.
64 bytes from 31.7.xx.yy (31.7.xx.yy): icmp_seq=1 ttl=64 time=0.588 ms
--- pub-domain.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

SSH

server# ssh git@s-302-gitlab
ssh: connect to host s-302-gitlab port 22: Connection refused
server# ssh -T https://[email protected]
ssh: connect to host gitlab.pub-domain.com port 22: Connection refused
server# ssh -T [email protected]
The authenticity of host '192.168.3.200 (192.168.3.200)' can't be established.
ECDSA key fingerprint is SHA256:Pe2vY/8GyG3o6ZkDErTN8Ko+k9veJA9S4wnHvQXSYJk.
Are you sure you want to continue connecting (yes/no)?

知道为什么我只能使用 IP 而不能使用域/URL 进行连接吗?

回复评论

# dig +short s-302-gitlab
# dig +short gitlab.pub-domain.com
pub-domain.com.
31.7.xx.yy

谢谢,

相关内容