我刚刚使用默认的here按照template所述的步骤在Azure容器服务中创建了一个新的Mesosphere Cluster。已创建群集/资源,我只想通过ssh转发连接到群集。建立了连接但是当我尝试在转发端口80上打开页面时,我得到channel 2: open failed: administratively prohibited: open failed
这是详细的ssh日志:
sudo ssh -v -i ~/.ssh/id_rsa -L 80:localhost:80 -f -N azureuser@myservermgmt.northeurope.cloudapp.azure.com -p 2200
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug1: Connecting to myservermgmt.northeurope.cloudapp.azure.com [52.178.215.121] port 2200.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myservermgmt.northeurope.cloudapp.azure.com:2200 as 'azureuser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZMD6A/rz3qWsn2V6yQyeg3kG8vFtweDc72oAZCLo9xs
debug1: Host '[myservermgmt.northeurope.cloudapp.azure.com]:2200' is known and matches the ECDSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to myservicemgmt.northeurope.cloudapp.azure.com ([52.178.215.121]:2200).
debug1: Local connections to LOCALHOST:80 forwarded to remote address localhost:80
debug1: Local forwarding listening on ::1 port 80.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 80.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: forking to background
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Connection to port 80 forwarding to localhost port 80 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: administratively prohibited: open failed
debug1: channel 2: free: direct-tcpip: listening port 80 for localhost port 80, connect from 127.0.0.1 port 55718 to 127.0.0.1 port 80, nchannels 3
debug1: Connection to port 80 forwarding to localhost port 80 requested.
AFAIK这可能意味着服务器上未启用PermitTunnel。由于ssh隧道在我的机器上用于其他目的,我想知道ACS中是否有任何必须配置的东西?我已经尝试ssh直接进入DCOS主机,但没有成功。
感谢任何帮助。
答案 0 :(得分:0)
AFAIK这可能意味着`服务器上未启用PermitTunnel。
不,它是目标服务器的AllowTcpForwarding中的/etc/ssh/sshd_config。或PermitOpen指令。
另请注意,如果您未在root用户下运行或具有特定权限,则无法绑定系统上的特权端口。