linux – SSH multi-hop connections using netcat mode proxy
Since OpenSSH 5.4 there is a new feature called netcat mode, which allows you to bind STDIN and STDOUT of your local SSH client to a TCP port accessible through the remote SSH server. This mode is enabled by simply calling ssh -W [HOST]:[PORT]

In theory this should be ideal for use in the ProxyCommand setting in per-host SSH configurations, which was previously often used with the nc (netcat) command. ProxyCommand allows you to configure a machine as a proxy between your local machine and the target SSH server, for example if the target SSH server is hidden behind a firewall.

The problem now is that, instead of working, it throws a cryptic error message in my face:

    Bad packet length 1397966893.
    Disconnecting: Packet corrupt

Here is an excerpt from my ~/.ssh/config:

    Host *
        Protocol 2
        ControlMaster auto
        ControlPath ~/.ssh/cm_socket/%r@%h:%p
        ControlPersist 4h

    Host proxy-host proxy-host.my-domain.tld
        HostName proxy-host.my-domain.tld
        ForwardAgent yes

    Host target-server target-server.my-domain.tld
        HostName target-server.my-domain.tld
        ProxyCommand ssh -W %h:%p proxy-host
        ForwardAgent yes

As you can see here, I'm using the ControlMaster feature so I don't have to open more than one SSH connection per host.

The client machine I tested this with is an Ubuntu 11.10 (x86_64), and both proxy-host and target-server are Debian Wheezy Beta 3 (x86_64) machines.

The error happens when I call ssh target-server. When I call it with the -vvv flag, here is what I get additionally:

    OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
    debug1: Reading configuration data /home/aef/.ssh/config
    debug1: Applying options for *
    debug1: Applying options for target-server.my-domain.tld
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Applying options for target-server.my-domain.tld
    debug1: auto-mux: Trying existing master
    debug1: Control socket "/home/aef/.ssh/cm_socket/aef@192.0.2.195:22" does not exist
    debug2: ssh_connect: needpriv 0
    debug1: Executing proxy command: exec ssh -W 192.0.2.195:22 gateway-host.my-domain.tld
    debug1: identity file /home/aef/.ssh/id_rsa type -1
    debug1: identity file /home/aef/.ssh/id_rsa-cert type -1
    debug1: identity file /home/aef/.ssh/id_dsa type -1
    debug1: identity file /home/aef/.ssh/id_dsa-cert type -1
    debug1: identity file /home/aef/.ssh/id_ecdsa type -1
    debug1: identity file /home/aef/.ssh/id_ecdsa-cert type -1
    debug1: permanently_drop_suid: 1000
    Host key fingerprint is 1a:2b:3c:4d:5e:6f:7a:8b:9c:ad:be:cf:de:ed:fe:ef
    +--[ECDSA  521]---+
    |                 |
    |                 |
    |                 |
    |                 |
    |                 |
    |                 |
    |                 |
    |                 |
    |                 |
    +-----------------+
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3
    debug1: match: OpenSSH_6.0p1 Debian-3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
    debug2: fd 5 setting O_NONBLOCK
    debug2: fd 4 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "192.0.2.195" from file "/home/aef/.ssh/known_hosts"
    debug3: load_hostkeys: loaded 0 keys
    debug3: load_hostkeys: loading entries for host "192.0.2.195" from file "/etc/ssh/ssh_known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /etc/ssh/ssh_known_hosts:49
    debug3: load_hostkeys: found key type RSA in file /etc/ssh/ssh_known_hosts:50
    debug3: load_hostkeys: loaded 2 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    Bad packet length 1397966893.
    Disconnecting: Packet corrupt

Update: Now with -vvv output instead of just -v.

Solution

I finally figured it all out. It seems to be a bug in OpenSSH when ControlMaster is enabled for both the proxy host and the target server. But there are at least these two workarounds:

- Make sure a connection to the proxy host already exists before trying to connect to the target server. This makes the error disappear and everything works as expected. You can achieve this by connecting to the proxy host manually.
- Disable ControlMaster for the ProxyCommand, as in ProxyCommand ssh -o "ControlMaster no" -W %h:%p proxy-host. This also solves the problem, but it will create a new connection to the proxy host for every connection that uses exactly that same ProxyCommand.
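The number in "Bad packet length" is whatever four bytes the client read where it expected the big-endian uint32 length field of an SSH binary packet, so decoding it shows what actually arrived on the stream. The following is an added example, not part of the original post; the function names are hypothetical and the sample error lines are copied from the output above.

```python
import re
import struct

BAD_LEN = re.compile(r"Bad packet length (\d+)")

def decode_bad_packet_length(value):
    """Return the 4 bytes that the SSH client misread as a uint32 packet length."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("packet length is a 32-bit field")
    # SSH binary packets start with a big-endian uint32 length (RFC 4253, section 6).
    return struct.pack(">I", value)

def explain(log_text):
    """Find 'Bad packet length' errors and describe what the stream really held."""
    findings = []
    for match in BAD_LEN.finditer(log_text):
        raw = decode_bad_packet_length(int(match.group(1)))
        printable = all(0x20 <= b < 0x7F for b in raw)
        if raw == b"SSH-":
            note = "an SSH version banner arrived where a binary packet was expected"
        elif printable:
            note = "plain text was written into the SSH stream"
        else:
            note = "not ASCII; consistent with corrupted or undecryptable binary data"
        findings.append((raw, note))
    return findings

# Error lines copied from the -vvv output on this page.
SAMPLE = """debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1397966893.
Disconnecting: Packet corrupt
"""

if __name__ == "__main__":
    for raw, note in explain(SAMPLE):
        print(raw, "->", note)
```

The same decoding helps with other ProxyCommand setups: a printable result other than "SSH-" usually means something on the path (a login banner, a shell startup message) printed text into the forwarded stream.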