  • ssh代理登录内网服务器

    服务器

    192.168.48.81 # client
    192.168.48.82 # bastion
    192.168.48.83 # private
    

    password方式

    192.168.48.81

    # Create the ansible group and user with fixed gid/uid 501, the same numbers
    # the walkthrough uses for this account on 192.168.48.82.
    groupadd --gid 501 ansible
    useradd --uid 501 --gid 501 ansible
    # Interactive prompt. The walkthrough notes "@ansible" here, presumably the
    # password set in this lab; a value derived from the account name is
    # guessable, so use a unique one on real hosts.
    passwd ansible
    

    192.168.48.82

    # Bastion host: it carries both accounts. ansible (uid/gid 501) is the login
    # used from the client; bastion (uid/gid 502) matches the account created on
    # the private server.
    groupadd --gid 501 ansible
    useradd --uid 501 --gid 501 ansible
    # Interactive prompt. "@ansible" is presumably the lab password noted by the
    # author; use a unique one on real hosts.
    passwd ansible

    groupadd --gid 502 bastion
    useradd --uid 502 --gid 502 bastion
    # Interactive prompt. "@bastion" is presumably the lab password noted by the
    # author; use a unique one on real hosts.
    passwd bastion
    

    192.168.48.83

    # Private server: only the bastion account (uid/gid 502) is created here,
    # with the same numbers used for it on 192.168.48.82.
    groupadd --gid 502 bastion
    useradd --uid 502 --gid 502 bastion
    # Interactive prompt. "@bastion" is presumably the lab password noted by the
    # author; use a unique one on real hosts.
    passwd bastion
    

    192.168.48.81 -> 192.168.48.83

    # Log in to the private server through the bastion. The ProxyCommand opens
    # an ssh connection to 192.168.48.82 as ansible and, with -W, relays
    # stdin/stdout to %h:%p (the target host and port). The login to
    # 192.168.48.83 is then negotiated by the outer ssh on the client, which is
    # why two password prompts follow.
    ssh -o "ProxyCommand=ssh -W %h:%p ansible@192.168.48.82" \
        bastion@192.168.48.83
    ansible@192.168.48.82's password: 
    bastion@192.168.48.83's password: 
    Last login: Fri Jan 23 10:59:07 2015 from 192.168.48.82
    ......
    

    sshkey方式

    192.168.48.81

    # Generate a 2048-bit RSA key pair as user ansible. The single-quoted string
    # is handed to ansible's login shell, so ~ expands to ansible's home.
    # -q suppresses output; -N "" sets an empty passphrase, which leaves the
    # private key unencrypted on disk, so file permissions are its only
    # protection.
    su - ansible -c 'ssh-keygen -q -t rsa -b 2048 -N "" -f ~/.ssh/ansible.pem'
    # /home/ansible/.ssh
    ansible.pem  ansible.pem.pub
    

    192.168.48.82

    # Generate a 2048-bit RSA key pair as user bastion. The single-quoted string
    # is handed to bastion's login shell, so ~ expands to bastion's home.
    # -q suppresses output; -N "" sets an empty passphrase, which leaves the
    # private key unencrypted on disk, so file permissions are its only
    # protection.
    su - bastion -c 'ssh-keygen -q -t rsa -b 2048 -N "" -f ~/.ssh/bastion82.pem'
    # /home/bastion/.ssh/
    bastion82.pem  bastion82.pem.pub
    

    192.168.48.81 -> 192.168.48.82 sshkey

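    su - ansible
    # Append the public key to ansible's authorized_keys on the bastion
    # (192.168.48.82); the account password is asked for once.
    # Host-key checking is left at its default: on first contact ssh prints the
    # bastion's host key fingerprint and waits for confirmation. Compare it with
    # the fingerprint read on the bastion itself before answering yes, so the
    # password and key are not handed to an impostor host.
    ssh-copy-id -i .ssh/ansible.pem.pub 192.168.48.82
    # Test: key-based login should now succeed without the account password.
    ssh -i .ssh/ansible.pem 192.168.48.82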
    

    192.168.48.82 -> 192.168.48.83 sshkey

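    su - bastion
    # Append the public key to bastion's authorized_keys on the private server
    # (192.168.48.83); the account password is asked for once.
    # Host-key checking is left at its default: on first contact ssh prints the
    # server's host key fingerprint and waits for confirmation. Compare it with
    # the fingerprint read on the server itself before answering yes, so the
    # password and key are not handed to an impostor host.
    ssh-copy-id -i .ssh/bastion82.pem.pub 192.168.48.83
    # Test: key-based login should now succeed without the account password.
    ssh -i .ssh/bastion82.pem 192.168.48.83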
    

    ssh.config方式

    192.168.48.81

    mkdir -p /etc/ansible/keys
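    cp ansible.pem, ansible.pem.pub, bastion82.pem, bastion82.pem.pub -> /etc/ansible/keys
    # keep the private keys (*.pem) readable only by the user that runs ssh (e.g. chmod 600); ssh ignores an IdentityFile whose permissions are broader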
    
    192.168.48.81 remove /home/ansible/.ssh/{ansible.pem, ansible.pem.pub}
    192.168.48.82 remove /home/ansible/.ssh/{ansible.pem, ansible.pem.pub}, /home/bastion/.ssh/{bastion82.pem, bastion82.pem.pub}
    192.168.48.83 remove /home/bastion/.ssh/{bastion82.pem, bastion82.pem.pub}
    
    # /etc/ansible/ssh.config
    # Jump host: reached directly from the client as user ansible, authenticated
    # with the ansible key kept under /etc/ansible/keys.
    Host bastion-82
        User            ansible
        Hostname        192.168.48.82
        IdentityFile    /etc/ansible/keys/ansible.pem
    
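    # Private server: reached only through the bastion. The outer ssh logs in
    # as user bastion with bastion82.pem; that key is read on the client and is
    # never sent to or stored on the jump host.
    Host server-83
        User            bastion
        Hostname        192.168.48.83
        IdentityFile    /etc/ansible/keys/bastion82.pem
        # The inner ssh is a separate process and does not inherit the outer -F,
        # so the config file is passed explicitly; otherwise the alias bastion-82
        # resolves only if it is also defined in the default config or by name
        # lookup. -W relays stdin/stdout to %h:%p. Agent forwarding (-A) is not
        # requested: a -W relay does not use it. -x keeps X11 forwarding off and
        # -q silences the hop's diagnostics.
        ProxyCommand    ssh -F /etc/ansible/ssh.config -q -x -i /etc/ansible/keys/ansible.pem -l ansible bastion-82 -W %h:%p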
    
    [root@bjyh-48-81 ~]# ssh -F /etc/ansible/ssh.config bastion-82
    Last login: Fri Jan 23 17:06:32 2015 from 192.168.48.81
    [ansible@bjyh-48-82 ~]$ 
    
    [root@bjyh-48-81 ~]# ssh -F /etc/ansible/ssh.config server-83
    Last login: Fri Jan 23 17:08:41 2015 from 192.168.48.82
    [bastion@bjyh-48-83 ~]$ 
    
  • 原文地址:https://www.cnblogs.com/liujitao79/p/4243565.html