
LXC exec bash ssh-agent forwarding

I have an Ubuntu server. I have configured ssh-agent forwarding to it. The server runs a few lxc containers.

When I "lxc exec container bash", the ssh-agent isn't forwarded to the lxc bash.

How can I forward ssh-agent to lxc containers' bash?

This isn't really possible with lxc exec. This command is a completely different mechanism of accessing the container than SSH. lxc exec communicates with the LXD daemon over a REST API; the daemon spawns the requested process inside the container and forwards the process's stdout to lxc. So no SSH connection is happening behind the scenes.

Therefore, if you would like to use an ssh-agent-based workflow, you simply need to set up SSH inside the container.

Depending on what distros you are running in the containers, openssh might be already installed and even enabled; that's the case for Ubuntu. If not, install it and follow these steps:

  1. Copy your key (tip: with ssh-agent forwarding, you can use ssh-add -L to quickly print your identities)
  2. Access container old method: lxc exec <container> bash
  3. Use vi/vim or nano to edit ~/.ssh/authorized_keys. Paste your key and save the file.
  4. Logout.

From now on, you can use ssh -A <CONTAINER_IP> and expect it to work. CONTAINER_IP is something you can find by running lxc list, for example.

Optionally, you can add your container to /etc/hosts to avoid typing the IP address each time. Another tip: check sshd_config on the container to make sure your SSH key is the only way to log in.
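
The key-installation steps and the sshd_config tip from the answer above, as an added example that is not part of the original answer: one function installs a public key idempotently with the file modes sshd expects, the other audits `sshd -T` output for login methods other than public key. The function names and the sample `sshd -T` lines are constructed for illustration.

```bash
# Added example, not from the original answer. Function names are hypothetical.

# install_key HOME_DIR PUBKEY_LINE
# Adds one public key to HOME_DIR/.ssh/authorized_keys exactly once, with the
# modes sshd's StrictModes check accepts (0700 directory, 0600 file).
install_key() {
    local ssh_dir="$1/.ssh" key="$2"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$ssh_dir/authorized_keys" && chmod 600 "$ssh_dir/authorized_keys" || return 1
    # -x whole line, -F fixed string: append only if the key is not there yet.
    grep -qxF -- "$key" "$ssh_dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$ssh_dir/authorized_keys"
}

# key_only_login reads `sshd -T` output (effective config, lowercase keywords)
# on stdin, prints one FAIL line per problem, and returns 0 only when public-key
# login is on and the other methods listed below are off.
key_only_login() {
    local key value rc=0 pubkey=""
    while read -r key value; do
        case "$key" in
            passwordauthentication|kbdinteractiveauthentication|\
            challengeresponseauthentication|hostbasedauthentication|gssapiauthentication)
                [ "$value" = "no" ] || { echo "FAIL: $key $value"; rc=1; } ;;
            pubkeyauthentication) pubkey="$value" ;;
        esac
    done
    [ "$pubkey" = "yes" ] || { echo "FAIL: pubkeyauthentication ${pubkey:-missing}"; rc=1; }
    return "$rc"
}

# Constructed samples of `sshd -T` output (not captured from a real container).
sample_ok() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}
sample_weak() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

# Real use (assumed invocation):
#   in the container:  install_key "$HOME" "<line printed by ssh-add -L>"
#   on the host:       lxc exec <container> -- sshd -T | key_only_login
sample_weak | key_only_login || true   # demo on the constructed weak sample
```

Auditing `sshd -T` rather than the file itself picks up compiled-in defaults and included config fragments, which a plain read of sshd_config would miss.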
