我试图配置我的SSH配置以便更轻松地完成工作流程,但我在这里遇到了障碍。
我有一个跳转主机,需要sudo ssh
才能到达所有其他机器。
我已经发现,如果我运行ssh -tt jumphost sudo ssh desthost
,我会被要求提供sudo
密码,并且可以访问desthost
现在,当我向ProxyCommand ssh -tt jumphost sudo ssh %h
添加ssh_config
并运行ssh desthost
时,我就会得到一个空白的连接。
调试打印输出:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/deiga/.ssh/config
debug1: /Users/deiga/.ssh/config line 34: Applying options for desthost
debug1: /Users/deiga/.ssh/config line 167: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/tmp/ssh-deiga@desthost:22" does not exist
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -tt jumphost sudo ssh desthost
debug1: identity file /Users/deiga/.ssh/id_rsa type -1
debug1: identity file /Users/deiga/.ssh/id_rsa-cert type -1
debug1: identity file /Users/deiga/.ssh/id_dsa type -1
debug1: identity file /Users/deiga/.ssh/id_dsa-cert type -1
debug1: permanently_drop_suid: 501
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: ssh_exchange_identification: [sudo] password for deiga:
debug1: ssh_exchange_identification: Sorry, try again.
debug1: ssh_exchange_identification: [sudo] password for deiga:
debug1: ssh_exchange_identification: sudo: 1 incorrect password attempt
答案 0 :(得分:0)
这不是代理命令的工作方式。你应该如何做jumphosts的基本例子就是这样:
ProxyCommand ssh -W %h:%p jumphost
不支持在远程计算机上运行sudo。但您可以使用netcat命令执行相同的操作:
ProxyCommand ssh jumphost nc %h %p
要使其符合您的sudo
要求,只需添加sudo
命令:
ProxyCommand ssh jumphost sudo nc %h %p
如果无效,请尝试使用ssh(-vvv
)的详细日志来诊断问题。