SSH-帮助了解代理命令 [英] SSH - Help understanding proxy command

问题描述

我正在尝试调试 Jenkins插件似乎由于SSH权限问题而失败.基本上，该插件允许我从主机SSH到从机上的特定Jenkins构建中，但是由于某些原因，它在我尝试使用它的系统上失败.

I am trying to debug a Jenkins Plugin that seems to be failing due to an SSH permission problem. Basically the plugin allows me to SSH from a master machine into a specific Jenkins build on the slave machine, but for some reason it fails on the system that I'm trying to use it on.

该插件执行后，告诉我可以使用以下命令从主计算机SSH到从属版本中

When executed, the plugin tells me that I can use something like the following command to SSH into the slave build from the master machine:

ssh.config

Host=*.localhost
Port=43689
ProxyCommand=ssh -p 43689 localhost diagnose-tunnel -suffix .localhost %h

命令:

ssh -F ssh.config Test.localhost

这可以在我已经设置(使用两台机器)的测试系统上运行，但是在生产环境中会失败，并显示错误权限被拒绝(公钥).

This works on a test system I've set up (using two machines), but fails in the production environment with the error Permission denied (publickey).

虽然我当然愿意自己调试权限问题，但对于此ssh命令的工作方式我真的很困惑:/它到底打算做什么?我对此事进行了研究，但对于proxy命令的工作方式仍然感到困惑.

While I'm certainly willing to debug the permission problem myself, I'm really confused as to how this ssh command works :/ What exactly is it trying to do? I researched the matter but I'm still confused as to how this works with the proxy command.

我想象它连接到本地主机(jenkins主计算机)中的某个自定义端口，但是这将如何允许我SSH进入从计算机?可以将此命令重写为一行以提高可读性吗?什么可能导致权限拒绝错误?

I imagine that it connects to some custom port in localhost (the jenkins master machine), but how would this allow me to ssh into the slave machine? Can this command be rewritten into one line for readability? What could possibly cause a permission denied error?

感谢您的帮助！我想这可能是一个非常简单的问题，但我是SSH的新手，并且仍在尝试理解它:)

Thanks for any help! I imagine this is probably a really simple question, but I'm new to SSH and am still trying to understand it :)

更新

根据要求输出 ssh -vF test_ssh< job>.< host> ！^^(为了可读性，用标签替换了作业和主机)

Output of ssh -vF test_ssh <job>.<host>, as requested! ^^ (with the job and host replaced by tags for readability)

OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data test_ssh
debug1: Applying options for *.<host>
debug1: Executing proxy command: exec ssh -p 44078 <host> diagnose-tunnel -suffix .<host> <job>
debug1: permanently_drop_suid: 497
debug1: identity file /var/lib/jenkins/.ssh/identity type -1
debug1: identity file /var/lib/jenkins/.ssh/identity-cert type -1
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 1
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
Permission denied (publickey).
ssh_exchange_identification: Connection closed by remote host

推荐答案

我遇到了同样的问题..

I've had the same problem..

现在，我会尽力回答您.

Now, I'll try to answer you.

它到底想做什么?

What exactly is it trying to do?

ssh -p <port> <server> diagnose-tunnel -suffix .<server> %h

diagnose-tunnel-后缀.<服务器>％h 是在< server>:< port> 上执行的命令.据我了解，正是詹金斯的特定命令有助于建立与从属节点的连接.

diagnose-tunnel -suffix .<server> %h is command which executes on <server>:<port>. As I understand, it is Jenkins' specific command which helps to establish connection with slave node.

权限被拒绝(公钥).

Permission denied (publickey).

有可以帮助我的解决方案:

There is solution which helps me:

1. 生成私人&通过的公钥 ssh-keygen ;
2. 将公钥(id_rsa.pub)复制到您的用户设置(http://< jenkins_server> :8080/user/< jenkins_user_name> /configure);

3. 编辑〜/.ssh/config 文件:您应在 ProxyCommand 行中添加 jenkins_user_name :

1. Generate private & public keys via ssh-keygen;
2. Copy public key (id_rsa.pub) to your user settings (http://<jenkins_server>:8080/user/<jenkins_user_name>/configure);

3. Edit ~/.ssh/config file: you should add jenkins_user_name to ProxyCommand line:

ProxyCommand ssh -p< port>< jenkins_user_name> @< jenkins_server>diagnostic-tunnel-后缀.< jenkins_server>％h

还需要添加 User< jenkins_user_name> 和 IdentityFile/path/to/private_key @sotona的编写方式

Also it is needed to add User <jenkins_user_name> and IdentityFile /path/to/private_key how @sotona is written

这篇关于SSH-帮助了解代理命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！