我正在尝试通过跳转主机建立 ssh 连接。它应该像这样 A -> B -> C。我可以很好地从 A 到 B 以及从 B 到 C 连接,但我希望直接从 A 到 C 建立一个连接(我想通过 ssh 使用一些工具。 )
我用的是 mac OSx。这些命令工作正常:
ssh hostB
然后从主机B
ssh hostC
或者
ssh -t hostB ssh hostC
我可以上hostC。
我有另一个隧道设置到一个集群,它工作正常。
ssh cluster
这是我的 .ssh/config 文件:
Host hostB
Hostname xxx.xxx.xxx.xxx
User userB
ForwardAgent yes
IdentityFile ~/.ssh/id_rsa_macbook_air
Host cluster
Hostname clusterHostname
User clusterUser
ProxyCommand ssh hostB -W %h:%p
IdentityFile ~/.ssh/id_rsa
Host hostC
Hostname xxx.xxx.xxx.xxx
User userC
ProxyCommand ssh hostB -W %h:%p
IdentityFile ~/.ssh/id_rsa_macbook_air
Host *+*
ProxyCommand ssh -W $(echo %h | sed 's/^.*+//;s/^\([^:]*$\)/\1:22/') $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:\([^:+]*\)$/ -p \1/')
当我尝试连接到 hostC 时出现以下错误:
ssh hostC -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/userC/.ssh/config
debug1: /Users/userC/.ssh/config line 28: Applying options for hostC
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Executing proxy command: exec ssh hostB -W xxx.xxx.xxx.xxx:22
debug1: permanently_drop_suid: 501
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/userC/.ssh/id_rsa_macbook_air-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
channel 0: open failed: administratively prohibited: open failed
stdio forwarding failed
ssh_exchange_identification: Connection closed by remote host
当我运行时,我得到相同的输出:
ssh -l userC userB%hostB+hostC
我没有也无法在 hostB 上安装 netcat 或任何其他软件。我对我的启动计算机和 hostC 具有完全访问权限。
感谢您的帮助!
答案1
ProxyJumpssh 中也有一个属性。您尝试过以下配置吗?
Host hostC
Hostname xxx.xxx.xxx.xxx
User userC
ProxyJump hostB
IdentityFile ~/.ssh/id_rsa_macbook_air