我有一个Docker容器,我希望它可以通过SSH隧道与数据库进行交互。
我的Docker映像基于高山映像构建,并且在Dockerfile中,我安装了openssh-client并公开了端口27017
当我启动Docker映像并尝试使用以下命令转发端口时:
ssh -i /.ssh/ssh_key user@remote_ip -L 27017:localhost:27017 -Nf
我得到一个错误:
bind: Address not available
ssh进入远程服务器不是问题,但是我无法转发端口。
谢谢
答案 0 :(得分:0)
我设法使用以下入口点从docker-compose创建ssh隧道:
ssh -4 -i /.ssh/ssh_key -NL *:27017:0.0.0.0:27017 user@remote_ip
然后我可以通过使用docker-compose创建的网络使用另一个容器的ssh隧道
docker run --network=tunnel_default image nmap -p 27027 service_name
tunnel_default是网络的名称
image是安装了nmap的docker映像(它允许您检查打开的端口)
service_name是我在docker-compose内部赋予服务的名称
答案 1 :(得分:0)
如果未指定要使用的接口,则可以获得“绑定地址不可用”。默认情况下,它将使用所有这些文件,包括IPV6。就我而言,它绑定在IPV4上,但“地址不可用”实际上是针对IPV6的,例如bind [::1]:2001: Address not available。如果使用-4选项,则只能指定IPV4,如果遇到IPV6类型错误,则可以为您解决。
-4强制ssh仅使用IPv4地址。
-D [bind_address:]端口
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are sup‐ ported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the lis‐ tening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.