我有一个Docker容器,我希望能够通过SSH隧道与数据库进行交互。
我的 Docker 镜像是建立在高山镜像之上的,在 Dockerfile 中,我已经安装了 openssh-client 并公开了端口 27017
当我启动我的 Docker 映像并尝试使用以下命令转发端口时:
ssh -i /.ssh/ssh_key user@remote_ip -L 27017:localhost:27017 -Nf
我收到一个错误:
bind: Address not available
ssh 到远程服务器不是问题,但我无法转发端口。
谢谢
我设法使用以下入口点从docker-compose创建一个ssh隧道:
ssh -4 -i /.ssh/ssh_key -NL *:27017:0.0.0.0:27017 user@remote_ip
然后,我能够通过使用使用 docker-compose 创建的网络从另一个容器使用 SSH 隧道
docker run --network=tunnel_default image nmap -p 27027 service_name
tunnel_default是网络的名称
image是一个安装了nmap的 docker 映像(它允许您检查打开的端口(
service_name是我在 docker-compose 中为服务命名
如果未指定要使用的接口,则可以获取"绑定地址不可用"。默认情况下,它将使用所有这些,包括IPV6。就我而言,它对 IPV4 具有约束力,但"地址不可用"实际上是针对 IPV6 的,例如bind [::1]:2001: Address not available.如果您使用-4选项,这将仅使用 IPV4,如果您收到 IPV6 类型错误,那么这将为您解决这个问题,就像我在 Arch Linux 上一样。
-4 强制 ssh 仅使用 IPv4 地址。
-D [bind_address:]端口
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are sup‐ ported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the lis‐ tening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.