堆栈内存溢出
  简体   繁体   English

如何正确配置ssh proxycommand以运行docker exec?

[英]How do I configure ssh proxycommand correctly to run docker exec?

 原文  2015-12-24 00:41:18       linux/ ubuntu/ ssh/ proxy/ docker

问题描述

I have a host defined in /etc/hosts called web1 . 我在/etc/hosts定义了一个名为web1 /etc/hosts There is a docker container with the name store . 有一个名为store的Docker容器。

While on my workstation I can ssh into the machine and execute the command to enter the container interactively like this 在工作站上时,我可以像这样通过ssh进入机器并执行命令以交互方式进入容器 

ssh -t -t web1 docker exec -ti store /bin/bash

It properly drops me right into the container as root as I had hoped. 正如我希望的那样,它可以将我正确地以root用户身份正确地放入容器中。

However, I really want to define a pseudo host named store and set it up in my ~/.ssh/config file like this using ProxyCommand so I can use ssh store 但是,我真的想定义一个名为store的伪主机,并使用ProxyCommand在我的~/.ssh/config文件中进行ProxyCommand以便可以使用ssh store 

Host store
ProxyCommand ssh -t -t web1 docker exec -ti store /bin/bash

But it fails with the following error: 但是它失败,并显示以下错误: 

Bad packet length 218958363.
ssh_dispatch_run_fatal: Connection to UNKNOWN: message authentication code incorrect
Killed by signal 1.

If I add -v for some debugging, the last two lines just before the block above are 如果我添加-v进行调试,则在上面代码块之前的最后两行是 

debug1: Authenticating to store:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent
  1. I think it is trying ssh into the store container instead of just executing the command which is throwing that error, is that correct? 我认为它正在尝试将ssh放入store容器中,而不是仅执行引发该错误的命令,对吗? If not what is the issue? 如果不是,那是什么问题?
  2. Is there a way to do this using ProxyCommand without trying to ssh into the container but instead just use the docker exec? 有没有一种方法可以使用ProxyCommand而不尝试ssh进入容器,而只使用docker exec?
  3. Is it easy enough to also setup the ssh into the container? 将ssh设置到容器中是否足够容易? We currently aren't doing that as a matter of practice. 实际上,我们目前并未这样做。
  4. Is there another option other than an alias for ssh-store ? 除了ssh-store的别名以外,还有其他选择吗?

The end goal is to have a virtual host defined that I can just say ssh store and have it end up in the store container on web1 . 最终目标是定义一个虚拟主机,我可以说ssh store并将其最终storeweb1上的store容器中。

Edited: 编辑:

Solution: 解:

As Jakuje indicated, using the ProxyCommand with ssh is not going to allow a non-ssh further command. 正如Jakuje所指出的那样,将ProxyCommand与ssh一起使用将不允许进一步的非ssh命令。 Therefore I am just using an alias and potentially a bash function for this to accomplish it. 因此,我只是使用别名和可能的bash函数来完成此任务。 I've setup both. 我都设置了。

Also per Jakuje's recommendation in ~/.ssh/config 也根据Jakuje在〜/ .ssh / config中的建议 

Host web1
RequestTTY yes

in ~/.bash_aliases 在〜/ .bash_aliases中 

alias ssh-store="ssh web1 docker exec -ti store /bin/bash"

so I can do ssh-store and end up in the container 所以我可以进行ssh-store并最终放入容器中

or in ~/.bashrc 或〜/ .bashrc中 

function ssh-web1 { ssh web1 docker exec -ti $1 /bin/bash; }

so I can do ssh-web1 store and also end up in the container 所以我可以做ssh-web1 store ,也可以放在容器中

1 个解决方案

解决方案1
 0 已采纳  2015-12-24 10:20:41

I think it is trying ssh into the store container instead of just executing the command which is throwing that error, is that correct? 我认为它正在尝试将ssh放入存储容器中,而不是仅执行引发该错误的命令,对吗? If not what is the issue? 如果不是,那是什么问题?

Yes

Is there a way to do this using ProxyCommand without trying to ssh into the container but instead just use the docker exec? 有没有一种方法可以使用ProxyCommand而不尝试ssh进入容器,而只使用docker exec?

No. It does not work this way. 否。这种方式行不通。 ProxyCommand expects the other step to be also SSH session and not direct bash prompt. ProxyCommand希望其他步骤也是SSH会话,而不是直接bash提示。

Is it easy enough to also setup the ssh into the container? 将ssh设置到容器中是否足够容易? We currently aren't doing that as a matter of practice. 实际上,我们目前并未这样做。

I think this is unnecessary overhead. 我认为这是不必要的开销。 But it is possible as described in many other questions around here. 但是有可能如此处其他许多问题所述。

At least you can get rid of -t -t by specifying RequestTTY in your ~/.ssh/config . 至少您可以通过在~/.ssh/config指定RequestTTY来摆脱-t -t But the rest have to be bash alias or function (if you have more host function is more appropriate). 但是其余的必须是bash别名或函数(如果您拥有更多的宿主函数则更合适)。 

function ssh-docker {
    ssh web1 docker exec -ti $1 /bin/bash
}

and then you can call it regardless the container like this: 然后您可以调用它,而不管像这样的容器: 

ssh-docker store

You just store such function into your .bashrc or where you stored your aliases. 您只需将此类函数存储到.bashrc或将别名存储在其中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何自动化两层SSH和一个docker exec? - How do I automate two layers of SSH plus a docker exec? 如何清除 SSH ProxyCommand 打开的连接? - How to purge connections left open by SSH ProxyCommand? 如何在docker中正确配置supervisor - How to configure supervisor in docker correctly 如何配置多个 ssh 访问 EC2 实例 - How do I configure multiple ssh access to an EC2 instance 如何在Ubuntu 11.10上正确配置Oracle Java JDK 7(不是Open JDK)并运行带有引用的JAR文件的Java程序? - How do I configure Oracle Java JDK 7 (not Open JDK) correctly on Ubuntu 11.10 and run a Java Program with referenced JAR files? 如何正确配置Beaglebone Black PWM - How do I configure the Beaglebone Black PWM correctly 如何通过ssh连接运行PHPUnit Selenium测试? - How do I run PHPUnit Selenium tests over a ssh connection? 如何在git包上运行./configure脚本? - How do I run the ./configure script on git package? 如何配置 Apache 2 以运行 Perl CGI 脚本? - How do I configure Apache 2 to run Perl CGI scripts? 如何在不运行ssh-agent的情况下将GitHub与SSH一起使用? - How do I use GitHub with SSH without having to run ssh-agent?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM