SSH Jump Host WITHOUT Agent Forwarding


Question

Although a simple question, I have searched for days without success.

M = My machine 
J = Jump Host
S = Server

Jump Host has my public key on authorized_keys.
Server has J's public key on authorized_keys.

Allowed connections (due to key authentication):
M -> J
J -> S

How is it possible for me to ssh into S from my machine?

My current configuration is:

host jump
  user root
  HostName x.x.x.x

host server
  user root
  HostName x.x.x.x
  port 22
  ForwardAgent no
  ProxyCommand ssh jump -W %h:%p

It does not work as it tries to log in with M's key.

Here is the ssh log:

debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /Users/xxxxx/.ssh/known_hosts:1542
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/xxxxx/.ssh/id_dsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ecdsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Killed by signal 1.

Recommended answer

Yes. Of course it tries to log in with M's key. You are not really connecting from J to S.

The first ssh connection is from M to J. This one simply sets up some forwarding. The second ssh connection is directly from M to S using the forwarding set up by the first ssh. - No chance to use the key on J.

You might use ssh -A jump ssh-add to add J's key to your agent. Then your setup should work fine.

Another idea might be something like ssh -t jump ssh server. This way you log into J and from there you log into S, pretty much as you expected it.
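
One way to confirm the answer's point from the question's own debug log, as an added example that is not part of the original post: the shell functions below list every identity the client tried and check that all of them live on M. The function names are hypothetical, and the sample lines are copied from the log in the question.

```shell
#!/bin/sh
# Added example: summarise which identities an `ssh -v` run offered.
# SAMPLE_LOG reproduces the authentication lines of the question's log.
SAMPLE_LOG="debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/xxxxx/.ssh/id_dsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ecdsa
debug1: Trying private key: /Users/xxxxx/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey)."

# Read `ssh -v` output on stdin and print one identity file path per line,
# in the order the client tried them. Only the first field after the prefix
# is kept, so a key type or fingerprint printed after the path is dropped.
offered_keys() {
    awk '/^debug1: (Offering .*public key|Trying private key): / {
             sub(/^debug1: [^:]*: /, "")
             print $1
         }'
}

# Succeed only if every identity tried lives under the given local directory,
# i.e. no key stored on the jump host took part in authenticating to S.
all_keys_under() {
    prefix=$1
    offered_keys |
        awk -v p="$prefix" 'index($0, p) != 1 { bad = 1 } END { exit bad + 0 }'
}

# Succeed if the log ends in a public-key rejection.
auth_denied() {
    grep -q '^Permission denied (publickey)'
}

printf '%s\n' "$SAMPLE_LOG" | offered_keys
if printf '%s\n' "$SAMPLE_LOG" | all_keys_under /Users/xxxxx/.ssh/; then
    echo "all identities came from M; J's key was never offered"
fi
```

With ProxyCommand and -W, the jump host only relays the TCP stream, so the list never contains a path from J's filesystem.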
