[英]How to SSH tunnel from jump server to another server without directly logging in to the jump server
I know, this question has been asked a lot, but still I have problems using ssh
proxy.我知道,这个问题被问了很多,但我在使用
ssh
代理时仍然遇到问题。
I have an EC2
server (running a simple web server) which is in a private network in aws
.我有一个
EC2
服务器(运行一个简单的 web 服务器),它位于aws
的专用网络中。 And have a jumphost
to connect to it.并有一个
jumphost
连接到它。 jumphost
is in a public network. jumphost
在公共网络中。 Only way I can login in to the web server instance is through the jumphost
.我可以登录到 web 服务器实例的唯一方法是通过
jumphost
。
So I have created ~/.ssh/config
file in my local computer as below:所以我在本地计算机中创建了
~/.ssh/config
文件,如下所示:
Host jumphost
Hostname <Retracted-Public-IP>
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
I can log in to the jumphost
as: ssh jumphost
and it works.我可以登录到
jumphost
为: ssh jumphost
并且它可以工作。
And in the jumphost
above I have configured ~/.ssh/config
as below:在上面的
jumphost
中,我配置了~/.ssh/config
如下:
Host my-web-server
Hostname <Retracted-Private-IP>
user ec2-user
IdentityFile ~/.ssh/web-server-private-key.pem
And I can ssh into the web server (from jumphost
) as ssh my-web-server
and it works.我可以 ssh 进入 web 服务器(来自
jumphost
)作为ssh my-web-server
并且它可以工作。
I don't want to log in to the jumphost
everytime I need to log into the web server, so I tried proxying.我不想每次需要登录
jumphost
服务器时都登录jumphost,所以我尝试了代理。
Therefore, I added another block to my local ~/.ssh/config
file as below:因此,我在本地
~/.ssh/config
文件中添加了另一个块,如下所示:
Host jumphost
Hostname <Retracted-Public-IP>
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
Host my-web-server
ProxyCommand ssh jumphost -W %h:%p
And I tried: ssh my-web-server
and it gives the below output:我试过:
ssh my-web-server
它给出了以下 output:
kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535
kex_exchange_identification:连接被远程主机关闭连接被未知端口65535关闭
Can someone help me fix this?有人可以帮我解决这个问题吗?
This should work:这应该有效:
Host my-web-server
ProxyCommand ssh jumphost nc %h %p
Copy the public key of your local machine to ~/.ssh/authorized_keys
of the remote machine and not just the jump server.将本地机器的公钥复制到远程机器的
~/.ssh/authorized_keys
而不仅仅是跳转服务器。 This will enable passwordless login from the local machine using ssh -J
.这将使用
ssh -J
从本地计算机启用无密码登录。 If your public ip is ipv6 make the following modification in the config file of your local machine.如果您的公共 ip 是 ipv6,请在本地计算机的配置文件中进行以下修改。
Host jumphost
Hostname Retracted-Public-IPv6
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
Host my-web-server
ProxyCommand ssh jumphost -W %[h]:%p
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.