2. 科技
  3. ssh代理登录内网服务器

ssh代理登录内网服务器

it2022-05-05  136
ssh代理登录内网服务器

服务器

192.168.48.81 # client 192.168.48.82 # bastion 192.168.48.83 # private

password方式

192.168.48.81

groupadd -g 501 ansible useradd -u 501 -g 501 ansible passwd ansible # @ansible

192.168.48.82

groupadd -g 501 ansible useradd -u 501 -g 501 ansible passwd ansible # @ansible groupadd -g 502 bastion useradd -u 502 -g 502 bastion passwd bastion # @bastion

192.168.48.83

groupadd -g 502 bastion useradd -u 502 -g 502 bastion passwd bastion # @bastion

192.168.48.81 -> 192.168.48.83

ssh -o ProxyCommand='ssh -W %h:%p ansible@192.168.48.82' bastion@192.168.48.83 ansible@192.168.48.82's password: bastion@192.168.48.83's password: Last login: Fri Jan 23 10:59:07 2015 from 192.168.48.82 ......

sshkey方式

192.168.48.81

su - ansible -c "ssh-keygen -b 2048 -t rsa -f ~/.ssh/ansible.pem -q -N ''" # /home/ansible/.ssh ansible.pem ansible.pem.pub

192.168.48.82

su - bastion -c "ssh-keygen -b 2048 -t rsa -f ~/.ssh/bastion82.pem -q -N ''" # /home/bastion/.ssh/ bastion82.pem bastion82.pem.pub

192.168.48.81 -> 192.168.48.82 sshkey

su - ansible ssh-copy-id -i .ssh/ansible.pem.pub '-o StrictHostKeyChecking=no 192.168.48.82' # 测试 ssh -i .ssh/ansible.pem 192.168.48.82

192.168.48.82 -> 192.168.48.83 sshkey

su - bastion ssh-copy-id -i .ssh/bastion82.pem.pub '-o StrictHostKeyChecking=no 192.168.48.83' # 测试 ssh -i .ssh/bastion82.pem 192.168.48.83

ssh.config方式

192.168.48.81

mkdir -p /etc/ansible/keys cp ansible.pem, ansible.pem.pub, bastion82.pem, bastion82.pem.pub -> /etc/ansible/keys 192.168.48.81 remove /home/ansible/.ssh/{ansible.pem, ansible.pem.pub} 192.168.48.82 remove /home/ansible/.ssh/{ansible.pem, ansible.pem.pub}, /home/bastion/.ssh/{bastion82.pem, bastion82.pem.pub} 192.168.48.83 remove /home/bastion/.ssh/{bastion82.pem, bastion82.pem.pub} # /etc/ansible/ssh.config Host bastion-82 User ansible Hostname 192.168.48.82 IdentityFile /etc/ansible/keys/ansible.pem Host server-83 User bastion Hostname 192.168.48.83 IdentityFile /etc/ansible/keys/bastion82.pem ProxyCommand ssh -q -A -x -i /etc/ansible/keys/ansible.pem -l ansible bastion-82 -W %h:%p [root@bjyh-48-81 ~]# ssh -F /etc/ansible/ssh.config bastion-82 Last login: Fri Jan 23 17:06:32 2015 from 192.168.48.81 [ansible@bjyh-48-82 ~]$ [root@bjyh-48-81 ~]# ssh -F /etc/ansible/ssh.config server-83 Last login: Fri Jan 23 17:08:41 2015 from 192.168.48.82 [bastion@bjyh-48-83 ~]$ posted on 2015-01-23 10:54 北京涛子 阅读( ...) 评论( ...) 编辑 收藏

转载于:https://www.cnblogs.com/liujitao79/p/4243565.html

专利

最新回复(0)