
How to SSH tunnel from jump server to another server without directly logging in to the jump server

I know, this question has been asked a lot, but still I have problems using ssh proxy.

I have an EC2 server (running a simple web server) which is in a private network in AWS. And I have a jumphost to connect to it. The jumphost is in a public network. The only way I can log in to the web server instance is through the jumphost.

So I have created a ~/.ssh/config file on my local computer as below:

Host jumphost
  Hostname <Retracted-Public-IP>
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

I can log in to the jumphost as: ssh jumphost and it works.

And in the jumphost above I have configured ~/.ssh/config as below:

Host my-web-server
  Hostname <Retracted-Private-IP>
  user ec2-user
  IdentityFile ~/.ssh/web-server-private-key.pem

And I can ssh into the web server (from jumphost) as ssh my-web-server and it works.

I don't want to log in to the jumphost every time I need to log into the web server, so I tried proxying.

Therefore, I added another block to my local ~/.ssh/config file as below:

Host jumphost
  Hostname <Retracted-Public-IP>
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
   ProxyCommand ssh jumphost -W %h:%p

And I tried: ssh my-web-server and it gives the below output:

kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

Can someone help me fix this?

This should work:

Host my-web-server
   ProxyCommand ssh jumphost nc %h %p

Copy the public key of your local machine to ~/.ssh/authorized_keys of the remote machine and not just the jump server. This will enable passwordless login from the local machine using ssh -J. If your public IP is IPv6, make the following modification in the config file of your local machine.

Host jumphost
  Hostname Retracted-Public-IPv6
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
   # The brackets go around the whole %h token so an IPv6 address is not split at its colons
   ProxyCommand ssh jumphost -W [%h]:%p
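
An added example, not part of the question or of either answer: a local ~/.ssh/config in which the web server entry carries its own Hostname, User and IdentityFile. With -W or -J the local client authenticates to the web server end to end through the tunnel, and the ~/.ssh/config on the jump host is never read. The local path of the web server key is an assumption (a copy of that key kept on the local machine); the <...> values are the page's redacted addresses.

```sshconfig
# Local machine: ~/.ssh/config (added example)

Host jumphost
  Hostname <Retracted-Public-IP>
  User ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
  # %h expands to this value. Without it, %h is the alias "my-web-server",
  # which the jump host has to resolve on its own (its ssh config is not used).
  Hostname <Retracted-Private-IP>
  # Without User, the local login name is sent to the web server.
  User ec2-user
  # Read on the local machine, not on the jump host (assumed local path).
  IdentityFile /Users/jananath/.ssh/web-server-private-key.pem
  # Offer only the key named above instead of every key in the agent.
  IdentitiesOnly yes
  # OpenSSH 7.3 and later; same effect as "ssh -J jumphost my-web-server".
  ProxyJump jumphost
  # Equivalent for older clients:
  # ProxyCommand ssh -W %h:%p jumphost
```

Running ssh -v my-web-server shows which Hostname, user and identity file the client actually used for each hop.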
