基于 ssh 命令和端口转发的 SSH 配置

基于 ssh 命令和端口转发的 SSH 配置

我正在尝试在 SSH 文件条目上转换以下 SSH 命令。

我的命令如下:

ssh -i identity-file.pem -L 20000:internal-host.com:8080 [email protected] -N

这是当前的 SSH 文件

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30

Host internal-host-forwarding
  LocalForward 20000 internal-host.com:8080
  Hostname internal-host.com
  ProxyCommand ssh remote-host-tunnel nc %h %p

我能够按照如下方式到达隧道:

ssh remote-host-tunnel

到目前为止一切运行正常

但是,当我想访问内部主机时,它不起作用

ssh internal-host-forwarding -N

未建立连接

Ncat:连接超时。

kex_exchange_identification:远程主机关闭连接

连接因未知端口 65535 而关闭

答案1

您正在尝试使用 ProxyCommandnetcat建立与内部主机的连接,但这对于端口转发来说不是必需的,只需将两个主机的配置合并到 ssh 配置文件中的单个条目中即可:

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30
  LocalForward 20000 internal-host.com:8080

现在您只需连接到remote-host-tunnel

ssh remote-host-tunnel -N

编辑:您还可以为每个内部主机创建多个条目,如下例所示

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30

Host internal-host-forwarding-1
  Hostname localhost
  Port 20000
  ProxyJump remote-host-tunnel
  LocalForward 20000 internal-host1.com:8080

Host internal-host-forwarding-2
  Hostname localhost
  Port 20001
  ProxyJump remote-host-tunnel
  LocalForward 20001 internal-host2.com:8080

如果你想连接internal-host-forwarding-1sshinternal-host-forwarding-1 -N

相关内容