我正在尝试在 SSH 文件条目上转换以下 SSH 命令。
我的命令如下:
ssh -i identity-file.pem -L 20000:internal-host.com:8080 [email protected] -N
这是当前的 SSH 文件
Host remote-host-tunnel
IdentitiesOnly yes
HostName remote-host.com
User user
PubKeyAuthentication yes
IdentityFile ~/.ssh/identity-file.pem
ServerAliveInterval 30
Host internal-host-forwarding
LocalForward 20000 internal-host.com:8080
Hostname internal-host.com
ProxyCommand ssh remote-host-tunnel nc %h %p
我能够按照如下方式到达隧道:
ssh remote-host-tunnel
到目前为止一切运行正常
但是,当我想访问内部主机时,它不起作用
ssh internal-host-forwarding -N
未建立连接
Ncat:连接超时。
kex_exchange_identification:远程主机关闭连接
连接因未知端口 65535 而关闭
答案1
您正在尝试使用 ProxyCommandnetcat建立与内部主机的连接,但这对于端口转发来说不是必需的,只需将两个主机的配置合并到 ssh 配置文件中的单个条目中即可:
Host remote-host-tunnel
IdentitiesOnly yes
HostName remote-host.com
User user
PubKeyAuthentication yes
IdentityFile ~/.ssh/identity-file.pem
ServerAliveInterval 30
LocalForward 20000 internal-host.com:8080
现在您只需连接到remote-host-tunnel
ssh remote-host-tunnel -N
编辑:您还可以为每个内部主机创建多个条目,如下例所示
Host remote-host-tunnel
IdentitiesOnly yes
HostName remote-host.com
User user
PubKeyAuthentication yes
IdentityFile ~/.ssh/identity-file.pem
ServerAliveInterval 30
Host internal-host-forwarding-1
Hostname localhost
Port 20000
ProxyJump remote-host-tunnel
LocalForward 20000 internal-host1.com:8080
Host internal-host-forwarding-2
Hostname localhost
Port 20001
ProxyJump remote-host-tunnel
LocalForward 20001 internal-host2.com:8080
如果你想连接internal-host-forwarding-1sshinternal-host-forwarding-1 -N