I am trying to map the following multi-hop using an ssh config file:
ssh -tt -l jumphost 192.168.1.5 ssh -tt -l jumphost 192.168.2.111 ssh -tt -l inside_server 192.168.3.50
without having to use one of the following commands as the configuration:
ssh -oProxyCommand="ssh -q -oProxyCommand=\"ssh -q [email protected] nc -q0 192.168.2.111 22\" [email protected] nc -q0 192.168.3.50 22" [email protected]
ssh -oProxyCommand="ssh -W %h:%p -oProxyCommand=\"ssh -W %%h:%%p [email protected]\" [email protected]" [email protected]
ssh -J [email protected],[email protected] [email protected]
Using the following ssh config:
cat ~/.ssh/config
Host jump
    RequestTTY force
    Hostname 192.168.1.5
    User jumphost
Host inside_gateway
    ProxyCommand ssh jump
    RequestTTY force
    Hostname 192.168.2.111
    User jumphost
Host inside_inside_server
    ProxyCommand ssh inside_gateway
    RequestTTY force
    Hostname 192.168.3.50
    User inside_server
My first login succeeds, but after that it fails:
ssh inside_inside_server -vvv
OpenSSH_8.9 ... OpenSSL 3.0 ...
...
[email protected]'s password:
Bad packet length 21...
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: message authentication code incorrect
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
What is the problem here?
Answer 1
You should use ProxyJump rather than ProxyCommand. If your goal is to simplify this command line:
ssh -tt -l jumphost 192.168.1.5 \
ssh -tt -l jumphost 192.168.2.111 \
ssh -tt -l inside_server 192.168.3.50
You probably want a configuration like this:
Host jump
    Hostname 192.168.1.5
    User jumphost
Host inside_gateway
    Hostname 192.168.2.111
    ProxyJump jump
    User jumphost
Host inside_inside_server
    Hostname 192.168.3.50
    ProxyJump inside_gateway
    User inside_server
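When you run ssh inside_inside_server, this will:
- Establish a connection from your local host to jump
- Over connection 1, layer a connection from your local host to inside_gateway
- Over connection 2, layer a connection from your local host to inside_inside_server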
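
An added example, not part of the original answer: a small Python check that reads a config like the one in the question, flags each ProxyCommand that runs a bare ssh <hop> (no -W and no remote command such as nc), and proposes the ProxyJump line the answer uses. The function names are hypothetical, the parser assumes simple Host blocks with whitespace-separated keywords (no Match, Include or wildcards), and the detection is a heuristic that does not model ssh options taking a separate argument.

```python
import shlex

# Constructed sample: the question's ~/.ssh/config, indented for readability.
QUESTION_CONFIG = """\
Host jump
    RequestTTY force
    Hostname 192.168.1.5
    User jumphost
Host inside_gateway
    ProxyCommand ssh jump
    RequestTTY force
    Hostname 192.168.2.111
    User jumphost
Host inside_inside_server
    ProxyCommand ssh inside_gateway
    RequestTTY force
    Hostname 192.168.3.50
    User inside_server
"""

def parse_hosts(text):
    """Map each Host alias to its {keyword: value} options (keywords lowercased)."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value.split()
        for alias in current:
            hosts.setdefault(alias, {}).setdefault(key, value)  # first value wins
    return hosts

def suggest_proxyjump(hosts):
    """Return {alias: replacement line} for ProxyCommands that open a session, not a stream."""
    fixes = {}
    for alias, opts in hosts.items():
        argv = shlex.split(opts.get("proxycommand", ""))
        # Heuristic: words not starting with "-" are the hop plus any remote command.
        words = [a for a in argv[1:] if not a.startswith("-")]
        # A bare "ssh <hop>" starts a login session on the hop, so the outer ssh reads
        # session output where it expects the target sshd's protocol bytes.
        if argv[:1] == ["ssh"] and "-W" not in argv and len(words) == 1:
            fixes[alias] = "ProxyJump " + words[0]
    return fixes

if __name__ == "__main__":
    for alias, fix in suggest_proxyjump(parse_hosts(QUESTION_CONFIG)).items():
        print(f"{alias}: replace ProxyCommand with '{fix}'")
```
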