有一个位于内部子网中的 HostA,只能从网关主机看到。然后我发出如下命令:
%ssh -t -o ProxyCommand='ssh GateWayUser@GatWayHost nc HostA 22' HostAUser@HostA ls -la
它工作正常。
但是如果我尝试使用 ~/.ssh/config,它不起作用:
% ssh -t HostAUser@HostA ls -la
ssh: connect to host <HostA IP here> port 22: Connection timed out
~/.ssh/config 如下所示:
Host TargetHost
HostName It's IP
User It's User
Host GatWayHost
HostName It's IP
User It's User
ProxyCommand ssh GateWayUser@GatWayHost nc HostA 22
关于如何使其发挥作用,有什么建议吗?
答案1
你可以反过来做:
Host TargetHost
HostName It's IP
User It's User
ProxyCommand ssh GateWayUser@GatWayHost nc HostA 22
Host GatWayHost
HostName It's IP
User It's User
您将代理命令放入相应目标主机的匹配块中,而不是相反。但您可以大大简化该命令:
ProxyCommand ssh GatWayHost nc %h %p
或者直接使用内部 io 转发:
ProxyCommand ssh -W %h:%p GatWayHost