Mac:使用跳转服务器访问远程服务器时出现“kex_exchange_identification:远程主机关闭连接”

tag-icon tag-icon ssh ssl mac
Mac:使用跳转服务器访问远程服务器时出现“kex_exchange_identification:远程主机关闭连接”

我尝试通过以下方式访问远程服务器

ssh -T -D 61480 -o ConnectTimeout=15 'target-box'

但失败了,我收到了错误日志,我已将其包含在下面。我能够通过终端中的 SSH 逐步连接到跳转服务器,然后从该服务器通过 SSH 连接到目标服务器。文件权限也不是问题,因为它们已设置为 0600。

我的配置文件:

'''
Host jump-box
  HostName 166.111.32.48
  User jiangt
  Port 22
  IdentityFile "/Users/macguffin/.ssh/id_rsa"

### The Remote Host
Host target-box
  HostName hepfarm40
  User jiang-t18
  Port 22
  ProxyJump ssh -q -W %h:%p jump-box
'''

记录ssh -vvv -T -D 61480 -o ConnectTimeout=15 'target-box'

'''
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/macguffin/.ssh/config
debug1: /Users/macguffin/.ssh/config line 13: Applying options for target-box
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W '[%h]:%p' ssh
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/macguffin/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/macguffin/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec ssh -vvv -W '[hepfarm40]:22' ssh
debug3: timeout: 15000 ms remain after connect
debug1: identity file /Users/macguffin/.ssh/id_rsa type 0
debug1: identity file /Users/macguffin/.ssh/id_rsa-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/macguffin/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519 type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/macguffin/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_xmss type -1
debug1: identity file /Users/macguffin/.ssh/id_xmss-cert type -1
debug1: identity file /Users/macguffin/.ssh/id_dsa type -1
debug1: identity file /Users/macguffin/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/macguffin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/macguffin/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/macguffin/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to ssh port 22.
ssh: Could not resolve hostname ssh: nodename nor servname provided, or not known
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
'''

macOS:13.3.1 (22E261)

答案1

您已经接近了,但是,正如 Ginnungagap 提到的,您可能将 ProxyCommand 与 ProxyJump 混淆了

简单提纲:

在 .ssh/config 中定义跳转主机

Host  jump1
  Hostname        bastion.lereta.com
  User            my-bastion-user-name

然后您就可以使用上述方法访问其他网站:

ssh -J jump1 other.site.net

或者,你可以在 .ssh/config 中定义其他站点

Host othersite
  Host other.site.net
  ProxyJump jump1

然后只需使用

ssh othersite

相关内容