JSch multiple tunnels/jumphosts
Problem description
I'm not sure if this is caused by using a private key instead of password for the port forwarding but here's what I'm trying to do
I need to forward local port 3308 all the way to my SQL DB at 3306.
I can run things like this all together in terminal on my local
ssh -L 3308:localhost:3307 username@jumpbox "ssh -L 3307:mysqlDB:3306 username@server"
Or run the first part on my local and then the second part on the jumpbox. Both work fine and I can connect to my localhost:3308.
The problem comes when I start using JSch. Here is my code
JSch jsch = new JSch();
jsch.addIdentity("~/.ssh/id_rsa");
Session session = jsch.getSession("username", "jumpbox");
session.setConfig("StrictHostKeyChecking", "no");
session.connect();
int assinged_port = session.setPortForwardingL(3308, "localhost", 3307);
Session mysqlSession = jsch.getSession("username", "server", assinged_port);
mysqlSession.setConfig("StrictHostKeyChecking", "no");
mysqlSession.connect(); // Connection timed out here
mysqlSession.setPortForwardingL(3307, "mysqlDB", 3306);
The first connection is done but the second one timed out.
Exception in thread "main" com.jcraft.jsch.JSchException: java.net.ConnectException: Operation timed out (Connection timed out)
Am I doing something wrong here with JSch or port forwarding?
Recommended answer
Your ssh command is making use of an SSH client (another ssh) running on "jump box".
When you want to implement the same using Java, you have two options:
- Do the same in Java, i.e. use session to run ssh -L 3307:mysqlDB:3306 username@server on the jump box.
See Executing a command using JSch.
Though, I do not think you should rely on ssh program for the second jump, for the same reason you use Java/JSch for the first jump (and not ssh program).
- Avoid using a separate ssh tool, and instead open the other SSH session locally via yet another forwarded port. You can actually do the same using recent versions of ssh, with -J (jump) switch (supported since OpenSSH 7.3):
ssh -L 3308:mysqlDB:3306 -J username@jumpbox username@server
I prefer this approach.
To implement the latter approach:
- You have to forward some local port to server:22, so that you can open SSH connection to the server:
JSch jsch = new JSch();
jsch.addIdentity("~/.ssh/id_rsa");
Session jumpboxSession = jsch.getSession("username", "jumpbox");
jumpboxSession.connect();
// Local port 0 lets JSch pick a free port; the assigned port is returned
int serverSshPort = jumpboxSession.setPortForwardingL(0, "server", 22);
// The second SSH session goes through the forwarded port to server:22
Session serverSession = jsch.getSession("username", "localhost", serverSshPort);
serverSession.connect();
- Then forward another local port via the server to the MySQL port:
int mysqlPort = serverSession.setPortForwardingL(0, "mysqlDB", 3306);
Now you should be able to connect to localhost:mysqlPort using MySQL client.
Obligatory warning: Do not use StrictHostKeyChecking=no to blindly accept all host keys. That is a security flaw. You lose a protection against MITM attacks.
For a correct (and secure) approach, see: How to resolve Java UnknownHostKey, while using JSch SFTP library?
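The two-hop tunnel from the answer above with host key checking left on, as an added example that is not part of the original answer. It assumes the keys of both jumpbox and server are already recorded in ~/.ssh/known_hosts under those names; the class name, timeouts and paths are illustrative.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class VerifiedTwoHopTunnel {
    public static void main(String[] args) throws Exception {
        String home = System.getProperty("user.home");
        JSch jsch = new JSch();
        jsch.addIdentity(home + "/.ssh/id_rsa");
        // Assumption: both host keys were verified out of band and stored here.
        jsch.setKnownHosts(home + "/.ssh/known_hosts");

        Session jumpbox = null;
        Session server = null;
        try {
            jumpbox = jsch.getSession("username", "jumpbox");
            jumpbox.setConfig("StrictHostKeyChecking", "yes");
            jumpbox.connect(10_000);
            // Port 0 = pick a free local port; listen on loopback only.
            int serverSshPort =
                jumpbox.setPortForwardingL("127.0.0.1", 0, "server", 22);

            server = jsch.getSession("username", "127.0.0.1", serverSshPort);
            server.setConfig("StrictHostKeyChecking", "yes");
            // The socket goes to 127.0.0.1:<port>, but the key presented is the
            // server's, so look it up in known_hosts under the name "server".
            server.setHostKeyAlias("server");
            server.connect(10_000);
            int mysqlPort =
                server.setPortForwardingL("127.0.0.1", 0, "mysqlDB", 3306);

            System.out.println("MySQL reachable at 127.0.0.1:" + mysqlPort);
            System.in.read(); // keep both tunnels open until Enter is pressed
        } catch (JSchException e) {
            // An unknown or changed host key makes connect() throw instead of
            // silently trusting whoever answered.
            System.err.println("Tunnel setup failed: " + e.getMessage());
        } finally {
            if (server != null) server.disconnect();
            if (jumpbox != null) jumpbox.disconnect();
        }
    }
}
```

Without setHostKeyAlias, the second session would be checked against a known_hosts entry for the local forwarded address and port, which changes on every run.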