如何在不将本地RSA密钥置于任何地方的情况下ssh多跳 [英] How to ssh multiple hops without putting the local RSA key everywhere

问题描述

我在Mac，服务器A和服务器B上有一个奇怪的设置.我可以通过添加RSA密钥直接在没有密码的情况下登录A，也可以在不使用密码的情况下直接从A登录到B.

I have a weird setup where I work from my mac, server A and server B. I can login to A directly without having password by adding my RSA keys, and login to B from A directly without using password too.

有时我想从Mac直接登录到服务器B，因为生产环境正在运行B.我可以将ssh与ProxyCommand一起使用，但是随后我必须将密钥添加到服务器B中，有什么办法可以避免这样做?由于B是自动管理的服务器，因此密钥始终会刷新.

I sometimes wanted to login directly into server B from my mac, because B is where the production environment is running. I can use ssh with ProxyCommand, but then I have to add my keys into server B, is there any way I can avoid doing this? Because B is an auto managed server, the key is refreshed all the times.

从理论上讲，由于我可以从Mac到A(无密码)，然后从A到B(无密码)，因此我应该能够直接进入B.但是，如果不将Mac上的密钥添加到B的authorized_keys中，我将找不到正确的方法.还是有一种方法可以在此登录链中自动添加密钥，因为当我尝试这样做时，ssh会报告一些有关中间人攻击的信息并予以拒绝.

Theoretically, since I can get from my mac to A (without password), and then from A to B (without password), I should be able to get into B directly. But I can't find the proper way of doing this without adding my key on mac into B's authorized_keys. Or is there a way I can automatically add my key during this login chain, because when I try to do that, ssh reports something about man-in-the-middle attack and rejects it.

推荐答案

使用ProxyCommand，您无需将密钥放在任何地方.如果使用如下所示的-W选项，则所有身份验证均从主机启动:

Using ProxyCommand you don't need to put your key anywhere. All the authentications are initiated from your host, if you use the -W option like this:

ProxyCommand ssh -W %h:%p proxy

这篇关于如何在不将本地RSA密钥置于任何地方的情况下ssh多跳的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！