Indlela yokusebenzisa i-SSH ProxyJump kanye ne-SSH ProxyCommand ku-Linux
Kafushane: Kulo mhlahlandlela, sibonisa indlela yokusebenzisa imiyalo ye-SSH ProxyJump kanye ne-SSH ProxyCommand lapho uxhumeka kuseva ye-jump.
Kumhlahlandlela wethu wangaphambilini wokuthi ungasetha kanjani i-SSH Jump Server, sihlanganise umqondo we-Bastion Host. Umsingathi we-Bastion noma i-Jump Server iyithuluzi elingumlamuli iklayenti le-SSH elixhumeka kulo kuqala ngaphambi kokufinyelela kusistimu yesilawuli kude se-Linux. Iseva ye-SSH Jump isebenza njengesango lezinsiza zakho ze-IT, ngaleyo ndlela yehlise indawo yokuhlasela.
Imiyalo ye-SSH ProxyJump kanye ne-ProxyCommand inquma ukuthi iklayenti lixhuma kanjani kuseva ekude ngeseva ye-jump, ihosti ye-jump, noma iseva ye-bastion.
Lo mhlahlandlela ukhanyisa ukukhanya ku-SSH ProxyJump kanye ne-SSH Proxy Command ku-Linux.
Xhuma i-Linux ekude usebenzisa i-SSH ProxyJump Command
Umyalo we-ProxyJump uchazwa ngefulegi -J
. Yethulwe ngenguqulo yeseva ye-OpenSSH engu-7.3 futhi ikusiza ukuthi uxhume endaweni eqondiwe yesilawuli kude ngokweqa i-bastion noma iseva yeqa.
I-syntax engezansi ibonisa ukuthi le nketho isetshenziswa kanjani:
$ ssh -J <jump-server> <remote-target>
Endabeni yamaseva amaningi e-bastion noma eqa, i-syntax ithatha ifomethi elandelayo.
$ ssh -J <jump-server-1> <jump-server-2> <remote-target>
Kuzo zombili izimo, uzongena ngemvume njengomsebenzisi wempande zonke izinyathelo zendlela. Lokhu akulungile ngenxa yezizathu zokuphepha, ngakho-ke ungase ufune ukudala abasebenzisi abahlukene ngaso sonke isikhathi.
Ungacacisa ngokusobala abasebenzisi abahlukene nezimbobo ze-SSH njengoba kukhonjisiwe.
$ ssh -J <[email :port> <[email :port>
Ukuze ubonise ifulegi le-ProxyJump lisebenza, sinokusethwa okulula njengoba kukhonjisiwe.
Jump Server IP: 173.82.232.55 User: james
Remote Target IP: 173.82.227.89 User: tecmint
Ukuze uxhume kuthagethi yesilawuli kude usebenzisa iseva ye-Jump, umyalo uzobukeka kanje.
$ ssh -J [email [email
Umyalo uzokutshela ukuthi uthole iphasiwedi yomsebenzisi we-jump server, bese ulandelwa yiphasiwedi yesistimu eqondiwe lapho uzonikezwa khona ukufinyelela ohlelweni oluqondiwe.

Uma usebenzisa njalo isisekelo esithile ukuze uxhume kuthagethi ethile yesilawuli kude, ungakwazi ukwengeza ukulungiselelwa kwe-ProxyJump okulandelayo kufayela elingu-~/.ssh/config ukuze wenze uxhumano lungabi nazihibe. Uma lokhu kwenzeka, uzogunyazwa kanye kuphela futhi lokhu kwenzeka kuphela kuthagethi yesilawuli kude.
Host host-jump
User james
Hostname 173.82.232.55
Host host_destination
User tecmint
Hostname 173.82.227.89
Port 22
Ngokusebenzisa ukucushwa okungenhla, ungenza uxhumano kuthagethi njengoba kukhonjisiwe.
$ ssh -J host_destination

Xhuma i-Linux ekude usebenzisa i-SSH ProxyCommand Command
Ngaphambi kwe-SSH Proxy Jump, i-ProxyCommand kwaba ukuphela kwendlela yokweqa abasingathi ukuze bafinyelele ithagethi yesilawuli kude. Isebenza ngokudlulisela phambili i-stdin (okujwayelekile ngaphakathi) kanye ne-stdout (okujwayelekile ngaphandle) ukusuka kumpokophelo yesilawuli kude ngeseva yeqa noma isisekelo.
I-ProxyCommand ithatha i-syntax elandelayo.
$ ssh -o ProxyCommand="ssh -W %h:%p <jump server>" <remote target>
Lapha, izimpikiswano ze--W
kuya %h:%p
zidlulisela phambili i-stdin bese ziphuma kumsingathi wesilawuli kude (%h)
nesilawuli kude imbobo yesikhungo (%p)
.
Ukufaka umyalo esenzweni, nansi indlela umyalo wethu ongabukeka ngayo
$ ssh -o ProxyCommand="ssh -W %h:%p 173.82.232.55" 173.82.227.89

Yebo, ukuthayipha wonke umyalo kuyakhathaza futhi kudla isikhathi. Ukuze ugweme ukuthayipha umyalo omude kangako, engeza imigqa elandelayo yekhodi kufayela lakho elithi ~/.ssh/config.
Host host-destination
Hostname 173.82.227.89
ProxyCommand ssh -q -W %h:%p host-jump
Londoloza bese uphuma.
Manje okumele ukwenze ukusebenzisa umyalo olandelayo ukuze uxhume kuseva ekude.
$ ssh host-destination
Kulo mhlahlandlela, sibonise ukuthi imiyalo ye-ProxyJump ne-ProxyCommand isebenza kanjani. Ngokuvamile, i-ProxyJump iphuma njengenye indlela engcono ye-ProxyCommand futhi inikeza indlela elula nengenamthungo yokuxhuma kuthagethi yesilawuli kude ngokusebenzisa umsingathi we-jump.