Go x / crypto / ssh - 如何通过堡垒节点建立与私人实例的ssh连接 [英] Go x/crypto/ssh -- How to establish ssh connection to private instance over a bastion node
问题描述
我想要实现这种情况:
在AWS上,我有一个VPC,其中部署了一个公共和私有子网。在公共子网中,我有一个堡垒实例,而在私有子网中,有一个节点运行某些服务(AKA服务实例)。
通过使用* nux ssh命令,我可以做这样的事情来连接到本地笔记本电脑的服务实例:
ssh -t -o ProxyCommand =ssh -i< key> ubuntu @< bastion-ip> nc%h%p-i< key>的ubuntu @<服务实例-IP>
我有一个Go程序,并且想要做以下事情:
- ssh通过堡垒连接到本地笔记本电脑的服务实例
- 使用连接会话运行一些命令(例如ls -l)
- 将文件从本地笔记本电脑上传到服务实例
ol>
我已经尝试过但无法执行与
<$ p相同的过程$ p> ssh -t -o ProxyCommand =ssh -i< key> ubuntu @< bastion-ip> nc%h%p-i< key>的ubuntu @<服务实例-IP>
任何人都可以帮我看一个例子吗?
Thanks!
顺便说一句,我发现这个:
https://github.com/golang/go/issues/6223 ,这意味着它肯定能够做到这一点,对吗?
net.Conn 。 一次你有一个 ssh.Client ,你可以使用 拨号 方法在你和你之间获得虚拟 net.Conn 最终主持人。然后你可以用 ssh.Conn rel =noreferrer> ssh.NewClientConn ,并用 ssh.NewClient
//连接到堡垒主机
bClient,err:= ssh.Dial(tcp,bastionAddr,config )
if err!= nil {
log.Fatal(err)
}
//从堡垒$ b $拨打到服务主机的连接b conn,err:= bClient.Dial(tcp,serviceAddr)
if err!= nil {
log.Fatal(err)
}
ncc ,chans,reqs,err:= ssh.NewClientConn(conn,serviceAddr,config)
if err!= nil {
log.Fatal(err)
}
sClient:= ssh.NewClient(ncc,chans,reqs)
// sClient是通过堡垒主机连接到服务主机的ssh客户端。
I want to implement this scenario: On AWS, I have a VPC, in which it is deployed a public and private subnet. In the public subnet, I have a "bastion" instance, while in private subnet, there is one node running some services(AKA "service instance"). By using *nux ssh command, I can do things like this to connect to the "service instance" from my local laptop:
ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>
I have a Go program, and want to do the following things:
- ssh connect to the "service instance" from "local laptop" over the "bastion"
- use the connection session to run some commands (e.g. "ls -l")
- upload files from "local laptop" to "service instance"
I've tried but not able to implement the same process as doing
ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>
Could anyone help to show me an example? Thanks!
BTW, I found this: https://github.com/golang/go/issues/6223, which means it is definately able to do that, right?
You can do this even more directly with the "x/crypto/ssh" without the nc command, since there is a method to dial a connection from the remote host and presents it as a net.Conn.
Once you have an ssh.Client, you can use the Dial method to get a virtual net.Conn between you and the final host. You can then turn that into a new ssh.Conn with ssh.NewClientConn, and create a new ssh.Client with ssh.NewClient
// connect to the bastion host
bClient, err := ssh.Dial("tcp", bastionAddr, config)
if err != nil {
log.Fatal(err)
}
// Dial a connection to the service host, from the bastion
conn, err := bClient.Dial("tcp", serviceAddr)
if err != nil {
log.Fatal(err)
}
ncc, chans, reqs, err := ssh.NewClientConn(conn, serviceAddr, config)
if err != nil {
log.Fatal(err)
}
sClient := ssh.NewClient(ncc, chans, reqs)
// sClient is an ssh client connected to the service host, through the bastion host.
这篇关于Go x / crypto / ssh - 如何通过堡垒节点建立与私人实例的ssh连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
