OpenSSH connection via proxy
Command line for proxy
This approach uses one long command line; the logic is expressed clearly in the command itself.
Specifically:
ssh internal_vm -o ProxyCommand="xxxx"
For example:
$ ssh -i group_vars/iot_rsa redhat@10.0.1.4 -o ProxyCommand="ssh -q -W %h:%p -i group_vars/iot_rsa redhat@40.83.75.19"
Last login: Tue Aug 7 07:24:01 2018 from 10.0.0.4
[redhat@roy-hk-de-vm-hdp-2 ~]$
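Parameter explanation; for details see man ssh_config / ssh
-i appears twice, specifying the private key used for the target machine and for the proxy connection respectively
-o specifies an option; in this example it tells ssh to use ProxyCommand
-q quiet mode
-W host:port forwarding. Requests that standard input and output on the client be forwarded to host on port over the secure channel.
%h:%p tokens for remote host : remote port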
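Another approach using the nc command (netcat)
This solves the problem of going through an HTTPS proxy. Some machines do not have nc installed by default, so it has to be installed separately.
Assuming the local SSH proxy listens on port 3000, the ProxyCommand is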
ProxyCommand nc -x 127.0.0.1:3000 %h %p
Here %h is the target address and %p is the target port. This line can be used on the command line, for example
ssh -o ProxyCommand="nc -x 127.0.0.1:3000 %h %p" git@github.com
nc can also be used with an HTTPS proxy. This requires specifying the protocol in use by adding the -X connect parameter. For example, in ssh_config:
ProxyCommand nc -X connect -x 192.168.1.1:8080 %h %p
System-wide OpenSSH config file
/etc/ssh/ssh_config :
This file sets the default configuration for all users of OpenSSH clients on that desktop/laptop, and it must be readable by all users on the system.
User-specific OpenSSH config file
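This is the common approach: once the file is configured, you can log in with a very short command line. Editing the config file only requires understanding it, not a lot of memorization.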
~/.ssh/config or $HOME/.ssh/config :
This is the user's own configuration file, which overrides the settings in the global client configuration file, /etc/ssh/ssh_config.
$ cat ~/.ssh/config
Host hdp1
    User redhat
    IdentityFile /home/centos/tmp/706/group_vars/iot_rsa
    ProxyCommand ssh -q -W %h:%p redhat@40.83.73.163
    HostName roy-hk-deploy-vm-hdp-01
Another example:
Host roy1
    User redhat
    ProxyCommand ssh -i /Users/royzeng/repo/723/group_vars/iot_rsa -q -W %h:%p redhat@40.83.75.19
    HostName roy-hk-de-vm-hdp-1
    IdentityFile /Users/royzeng/repo/723/group_vars/iot_rsa
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
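Parameter explanation:
Host roy1 the short host alias used when connecting with ssh
ProxyCommand defines how to connect through the proxy
IdentityFile the private key used to connect to the target machine
User the user name used to connect to the target machine
StrictHostKeyChecking no does not check the host key, so the connection proceeds directly (without confirmation)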
You can now connect directly to the server behind the proxy.
e.g.
$ ssh hdp1
$ scp aaa.txt hdp1:/tmp/bbb.txt
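The Host * block in the second config applies to every connection, including the inner ssh that ProxyCommand starts toward the proxy. The following Python code is an added example, not part of the original post: it resolves ssh_config options the way ssh_config(5) describes (the first obtained value wins) and reports hosts for which host key verification is switched off. The function names are hypothetical, the sample config is constructed from the page's own blocks, and Include, Match conditions and quoted values are not handled.

```python
import fnmatch
import re
# Constructed sample: the roy1 block and the "Host *" block from the page's config.
SAMPLE_CONFIG = """\
Host roy1
    ProxyCommand ssh -i /Users/royzeng/repo/723/group_vars/iot_rsa -q -W %h:%p redhat@40.83.75.19
    HostName roy-hk-de-vm-hdp-1
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
"""

def parse_blocks(text):
    """Split ssh_config text into (host_patterns, [(keyword, value), ...]) blocks."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if not line or line.startswith("#") or len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):  # Match conditions are not evaluated: never matches
            blocks.append((value.split() if key == "host" else [], []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(patterns, host):
    """True if a positive pattern matches and no negated (!) one does; fnmatch stands in for * and ?."""
    neg = any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!"))
    return not neg and any(fnmatch.fnmatchcase(host, p) for p in patterns if p[:1] != "!")

def effective(text, host):
    """Resolve options for `host`; per ssh_config(5) the first obtained value wins."""
    opts = {}
    for patterns, pairs in parse_blocks(text):
        if host_matches(patterns, host):
            for key, value in pairs:
                opts.setdefault(key, value)
    return opts

def host_key_findings(text, host):
    """Report settings that switch off host key verification for `host`."""
    opts, findings = effective(text, host), []
    if opts.get("stricthostkeychecking", "ask").lower() in ("no", "off"):
        findings.append("StrictHostKeyChecking disabled")
    if opts.get("userknownhostsfile") == "/dev/null":
        findings.append("UserKnownHostsFile is /dev/null")
    return findings
```

Both host_key_findings(SAMPLE_CONFIG, "roy1") and host_key_findings(SAMPLE_CONFIG, "40.83.75.19") report the two settings, because the proxy address matches only Host *. Moving the two options into the Host blocks that need them, or using StrictHostKeyChecking accept-new, keeps verification on for every other host.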