我的用例是我必须通过一个跳跃框访问AWS ec2实例。
这是我的SSH配置。
Host awsjumpbox
User sshuser
HostName jumpboxhostname
IdentityFile /Users/myusername/.ssh/id_rsa
LocalForward 8022 10.0.168.43:22
当我执行SCP命令将文件复制到EC2实例时,它会工作。
myusername % scp -r -i ~/aws/aws-keypair.pem -P 8022 * ec2-user@localhost:testdir
The authenticity of host '[localhost]:8022 ([::1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:rrwr62yjP2cgUTT9SowdlrIwGi4jMMwt5x4Aj6E4Y3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
README.md 100% 1064 24.3KB/s 00:00
但是,当我执行SSH命令时。返回一个奇怪的IP地址
myusername % ssh -i ~/aws/aws-keypair.pem -P 8022 ec2-user@localhost
ssh: connect to host 0.0.31.86 port 22: No route to host
这个问题的原因是什么?我怎么修理它?
谢谢。
不要使用LocalForward和反向流程
使用ProxyCommand或ProxyJump。这将允许SSH透明地打开到堡垒服务器的会话。
。你的配置应该在
一行Host 10.0.168.43
User root
ProxyCommand ssh -W %h:%p sshuser@awsjumpbox
...
或
Host 10.0.168.43
User root
ProxyJump sshuser@awsjumpbox
...