Ssh

SSH connection to a virtual private cloud times out through a proxy command but not through the public host

  • March 13, 2015

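I have a host in AWS with a public DNS name, bastion-prod, that I can SSH into from my local machine without any problems. From there, I can SSH into a host in the virtual private cloud, reports-prod. However, when I try to SSH directly into reports-prod through a proxy command on my local machine, the request times out. I am using the same key in both cases. Here is the verbose SSH output and my SSH config. What gives? Thanks for your help!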

SSH config

Host "bastion-prod"
 HostName <removed the actual public IP>
 User <removed the actual username>
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null
 IdentityFile ~/.ssh/Private_Key.pem

Host "reports-prod"
 HostName <removed the actual private IP>
 User <removed the actual username>
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null
 IdentityFile ~/.ssh/Private_Key.pem
 ProxyCommand ssh -W %h:%p bastion-prod

Verbose SSH output

$ ssh -vvv -F ~/.ssh/config_prod reports-prod
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/username/.ssh/config_prod
debug1: /Users/ibernshteyn/.ssh/config_prod line 155: Applying options for reports-prod
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -W 10.0.11.51:22 bastion-prod
debug1: permanently_drop_suid: 503
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/username/.ssh/Private_Key.pem" as a RSA1 public key
debug1: identity file /Users/username/.ssh/Private_Key.pem type -1
debug1: identity file /Users/username/.ssh/Private_Key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh: connect to host 52.0.37.205 port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

Edit 1: Come to think of it, the interesting part is the last two lines

ssh: connect to host 52.0.37.205 port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

Why would there be a timeout to 52.0.37.205 when I am not explicitly trying to connect to it? That is not the IP of either host. The bastion-prod IP does start with 52, though.

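There was some kind of problem with reading the SSH config from a non-default SSH config file (config_prod). I put everything in the default "config" file and removed the -F flag, and everything is "fine".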
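Added example, not part of the original question or answer: the `ssh` started by ProxyCommand is a separate process that does not inherit the outer `-F`, so it looks up `bastion-prod` in the default config files instead of config_prod. The Python check below flags ProxyCommand lines that call `ssh` without their own `-F`; the function name `find_unpinned_proxy_hops`, the `reports-fixed` stanza and the sample addresses are assumptions made for the example.

```python
import os
import re
import shlex

# Constructed sample modelled on the config in the question (addresses are placeholders).
SAMPLE_CONFIG = """\
Host "bastion-prod"
 HostName 203.0.113.10
 IdentityFile ~/.ssh/Private_Key.pem

Host "reports-prod"
 HostName 10.0.11.51
 ProxyCommand ssh -W %h:%p bastion-prod

Host "reports-fixed"
 HostName 10.0.11.51
 ProxyCommand ssh -F ~/.ssh/config_prod -W %h:%p bastion-prod
"""

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def find_unpinned_proxy_hops(config_text):
    """Return (host_pattern, proxy_command) pairs whose nested ssh has no -F.

    Such a hop resolves its jump-host alias from the default config files,
    not from the file this text came from. Only a leading -F token is
    recognised; bundled short options are not unpacked.
    """
    findings, hosts = [], ["*"]  # options before any Host line apply to all hosts
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # blank line or comment
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "host":
            hosts = shlex.split(value)  # strips the quotes around aliases
        elif keyword == "match":
            hosts = ["Match " + value]
        elif keyword == "proxycommand":
            argv = shlex.split(value)
            if argv and argv[0] == "exec":
                argv = argv[1:]
            is_ssh = bool(argv) and os.path.basename(argv[0]) == "ssh"
            if is_ssh and not any(a.startswith("-F") for a in argv[1:]):
                findings.extend((h, value) for h in hosts)
    return findings
```

Passing the text of a config file that is used with `ssh -F` to `find_unpinned_proxy_hops` lists the host patterns whose jump hop falls back to the default config.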

Quoted from: https://serverfault.com/questions/674631