带多个跳转主机的ssh ssh

时间:2018-09-10 17:52:50

标签: chef knife

我有一个网络,需要两个跳转主机才能从我的工作站进入。我的〜/ .ssh / config看起来像这样: Host *.mgmt.example.com ProxyJump admin-1.prod.example.com,jump-1.example.com

这对于常规的ssh很好用,但是我似乎无法通过刀子ssh进行连接。我尝试将--ssh-gateway admin-1.prod.example.com,jump-2.example.com添加到命令中,但它似乎也不起作用。刀ssh是否可以通过两个代理?

基于上述.ssh / config条目的示例命令: knife ssh "name:host-1.mgmt.example.com" "hostname"

numb3rs1x@workstation~:chef --version
Chef Development Kit Version: 3.2.30
chef-client version: 14.4.56
delivery version: master (6862f27aba89109a9630f0b6c6798efec56b4efe)
berks version: 7.0.6
kitchen version: 1.23.2
inspec version: 2.2.70

numb3rs1x@workstation~:knife ssh "name:host-1.mgmt.example.com" "hostname" -a fqdn
WARNING: Failed to connect to host-1.mgmt.example.com -- Net::SSH::Proxy::ConnectError: command timed out: ssh -J jump-1.example.com -W host-1.mgmt.example.com:22 admin-1.prod.example.com
ssh: connect to host jump-1.example.com port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

numb3rs1x@workstation~:ssh host-1.mgmt.example.com
Warning: Permanently added 'admin-1.prod.example.com,10.5.0.9' (ECDSA) to the list of known hosts.
Warning: Permanently added 'jump-1.example.com' (ECDSA) to the list of known hosts.
Warning: Permanently added 'host-1.mgmt.example.com' (ECDSA) to the list of known hosts.
numb3rs1x@host-1:~$

1 个答案:

答案 0 :(得分:0)

net-ssh-gateway不直接支持多跳,但是只要您使用的是最近的ChefDK,net-ssh中的内置proxyjump支持就应如此。有关详细信息,请参见https://github.com/net-ssh/net-ssh/commit/4ae3bb582b93787de0b7c91301318bf13b9c7012#diff-d81a1a91889532e56748e65ae9683a7c