Uyisebenzisa njani iSSH ProxyJump kunye neSSH ProxyCommand kwiLinux
Ngokufutshane: Kwesi sikhokelo, sibonisa indlela yokusebenzisa i-SSH ProxyJump kunye nemiyalelo ye-SSH ProxyCommand xa uqhagamshela kwiseva yokutsiba.
Kwisikhokelo sethu sangaphambili malunga nendlela yokuseta i-SSH Jump Server, sigubungele ingqikelelo ye-Bastion Host. Umamkeli we-Bastion okanye iSeva ye-Jump sisixhobo somlamli apho umxhasi we-SSH aqhagamsheleka kuso kuqala ngaphambi kokufikelela kwinkqubo yeLinux ekujoliswe kuyo. Iseva ye-SSH Jump isebenza njengesango kwizixhobo zakho ze-IT, ngaloo ndlela inciphisa umphezulu wohlaselo.
Imiyalelo ye-SSH ProxyJump kunye ne-ProxyCommand imisela ukuba umxhasi uqhagamshela njani kwiseva ekude ngeseva yokutsiba, i-jump host, okanye i-bastion server.
Esi sikhokelo sikhanyisa ukukhanya kwi-SSH ProxyJump kunye ne-SSH Proxy Command kwi-Linux.
Qhagamshela okude kwiLinux usebenzisa iSSH ProxyJump Umyalelo
Umyalelo weProxyJump uchazwa nge -J iflegi. Yaziswa kwi-server ye-OpenSSH yenguqulo ye-7.3 kwaye ikunceda wenze uqhagamshelo kwithagethi ekude ngokutsiba i-bastion okanye iseva yokutsiba.
I-syntax engezantsi ibonisa indlela olu khetho lusetyenziswa ngayo:
$ ssh -J <jump-server> <remote-target>
Kwimeko yee-bastion ezininzi okanye iiseva zokutsiba, i-syntax ithatha le fomati ilandelayo.
$ ssh -J <jump-server-1> <jump-server-2> <remote-target>
Kuzo zombini iimeko, uya kufakwa njengomsebenzisi oyingcambu inyathelo ngalinye lendlela. Oku akulunganga ngenxa yezizathu zokhuseleko, ngoko unokufuna ukwenza abasebenzisi abohlukeneyo kwimeko nganye.
Ungacacisa ngokucacileyo abasebenzisi abohlukeneyo kunye namazibuko e-SSH njengoko kubonisiwe.
$ ssh -J <[email :port> <[email :port>
Ukubonisa iflegi yeProxyJump isebenza, sinolungiselelo olulula njengoko kubonisiwe.
Jump Server IP: 173.82.232.55 User: james
Remote Target IP: 173.82.227.89 User: tecmint
Ukuqhagamshela kwithagethi ekude usebenzisa iseva ye-Jump, umyalelo uya kujongeka ngolu hlobo lulandelayo.
$ ssh -J [email [email
Umyalelo uya kukukhuthaza ukuba ufumane igama eliyimfihlo lomsebenzisi weseva yokutsiba, emva koko ulandelwe yigama lokugqitha lenkqubo ekujoliswe kuyo apho uya kunikwa ukufikelela kwinkqubo ekujoliswe kuyo.
Ukuba usebenzisa rhoqo isiseko esithile ukudibanisa kwitekeni ethile ekude, ungadibanisa uqwalaselo olulandelayo lweProxyJump kwi ~/.ssh/config ifayile ukwenza uxhulumaniso lungenamthungo. Xa oku kusenzeka, uya kuqinisekiswa kube kanye kwaye oku kwenzeka kuphela kwithagethi ekude.
Host host-jump
User james
Hostname 173.82.232.55
Host host_destination
User tecmint
Hostname 173.82.227.89
Port 22
Usebenzisa uqwalaselo olungentla, ungenza udibaniso kwithagethi njengoko kubonisiwe.
$ ssh -J host_destination
Qhagamshela okude kwiLinux usebenzisa iSSH ProxyCommand Command
Phambi kwe-SSH Proxy Jump, iProxyCommand yayikuphela kwendlela yokutsiba inginginya ukufikelela kwindawo ekujoliswe kuyo ekude. Isebenza ngokugqithisela phambili i-stdin (esemgangathweni ngaphakathi) kunye nestdout (esemgangathweni ophumayo) ukusuka kwindawo ekujoliswe kuyo ekude ngomncedisi wokutsiba okanye i-bastion.
I-ProxyCommand ithatha le syntax ilandelayo.
$ ssh -o ProxyCommand="ssh -W %h:%p <jump server>" <remote target>
Apha, i -W ukuya %h:%p iimpikiswano phambili stdin kwaye ngaphandle kwinginginya okude (%h) kunye nerimowudi izibuko lomamkeli (%p).
Ukubeka umyalelo kwisenzo, le yindlela umyalelo wethu obuya kujongeka ngayo
$ ssh -o ProxyCommand="ssh -W %h:%p 173.82.232.55" 173.82.227.89
Ewe kunjalo, ukuchwetheza wonke umyalelo kuyadinisa kwaye kudla ixesha. Ukunqanda ukuchwetheza lo myalelo mde, yongeza le migca ilandelayo yekhowudi kweyakho ~/.ssh/config file.
Host host-destination
Hostname 173.82.227.89
ProxyCommand ssh -q -W %h:%p host-jump
Gcina kwaye uphume.
Ngoku konke okufuneka ukwenze kukuqhuba lo myalelo ulandelayo ukuqhagamshela kwiseva ekude.
$ ssh host-destination
Kwesi sikhokelo, sibonise indlela imiyalelo yeProxyJump kunye neProxyCommand esebenza ngayo. Ngokubanzi, i-ProxyJump iphuma njengenye indlela engcono kwi-ProxyCommand kwaye ibonelela ngendlela elula nengenamthungo yokuqhagamshela kwithagethi ekude ngokutsiba.