How to ssh multiple hops without putting the local RSA key everywhere
Problem description
I have a weird setup where I work from my Mac, server A and server B. I can log in to A directly without a password by adding my RSA keys, and log in to B from A directly without using a password too.
I sometimes want to log in directly to server B from my Mac, because B is where the production environment is running. I can use ssh with ProxyCommand, but then I have to add my keys into server B. Is there any way I can avoid doing this? Because B is an auto-managed server, the key is refreshed all the time.
Theoretically, since I can get from my Mac to A (without a password), and then from A to B (without a password), I should be able to get into B directly. But I can't find the proper way of doing this without adding my key on the Mac into B's authorized_keys. Or is there a way I can automatically add my key during this login chain? When I try to do that, ssh reports something about a man-in-the-middle attack and rejects it.
Recommended answer
Using ProxyCommand you don't need to put your key anywhere. All the authentications are initiated from your host, if you use the -W option like this:
ProxyCommand ssh -W %h:%p proxy
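A fuller ~/.ssh/config for the two-hop setup in the question, added here as an example and not part of the original answer. The host aliases, host names, user name and key path are placeholders, and it assumes B accepts a credential the local client can offer.

```sshconfig
# ~/.ssh/config on the local machine (constructed example; aliases,
# host names, user name and key path are placeholders, not from the post)

# First hop: server A, reached directly.
Host serverA
    HostName a.example.com
    User alice
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    # A only relays bytes for the second hop, so no agent is exposed on it.
    ForwardAgent no

# Second hop: server B, reached through A.
Host serverB
    HostName b.internal.example.com
    User alice
    # ssh -W asks A to open a TCP connection to %h:%p (B's sshd) and wires
    # it to stdin/stdout. The SSH session to B then runs end to end from
    # the local client inside that tunnel, so the private key stays local.
    ProxyCommand ssh -W %h:%p serverA
    # OpenSSH 7.3 and later offer a shorter form for the same setup:
    #   ProxyJump serverA
    # B's host key is checked locally against ~/.ssh/known_hosts, so a
    # changed host key is reported on the local machine, not on A.
    StrictHostKeyChecking ask
    # Assumption: B accepts a credential the local client can offer.
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    ForwardAgent no
```

With this in place, `ssh serverB` from the local machine connects through A in one command.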