Indlela yokusebenzisa i-SSH ProxyJump kanye ne-SSH ProxyCommand ku-Linux


Kafushane: Kulo mhlahlandlela, sibonisa indlela yokusebenzisa imiyalo ye-SSH ProxyJump kanye ne-SSH ProxyCommand lapho uxhumeka kuseva ye-jump.

Kumhlahlandlela wethu wangaphambilini wokuthi ungasetha kanjani i-SSH Jump Server, sihlanganise umqondo we-Bastion Host. Umsingathi we-Bastion noma i-Jump Server iyithuluzi elingumlamuli iklayenti le-SSH elixhumeka kulo kuqala ngaphambi kokufinyelela kusistimu yesilawuli kude se-Linux. Iseva ye-SSH Jump isebenza njengesango lezinsiza zakho ze-IT, ngaleyo ndlela yehlise indawo yokuhlasela.

Imiyalo ye-SSH ProxyJump kanye ne-ProxyCommand inquma ukuthi iklayenti lixhuma kanjani kuseva ekude ngeseva ye-jump, ihosti ye-jump, noma iseva ye-bastion.

Lo mhlahlandlela ukhanyisa ukukhanya ku-SSH ProxyJump kanye ne-SSH Proxy Command ku-Linux.

Okuqukethwe

Xhuma i-Linux ekude usebenzisa i-SSH ProxyJump Command

Umyalo we-ProxyJump uchazwa ngefulegi -J. Yethulwe ngenguqulo yeseva ye-OpenSSH engu-7.3 futhi ikusiza ukuthi uxhume endaweni eqondiwe yesilawuli kude ngokweqa i-bastion noma iseva yeqa.

I-syntax engezansi ibonisa ukuthi le nketho isetshenziswa kanjani:

$ ssh -J <jump-server> <remote-target>

Endabeni yamaseva amaningi e-bastion noma eqa, i-syntax ithatha ifomethi elandelayo.

$ ssh -J <jump-server-1> <jump-server-2> <remote-target>

Kuzo zombili izimo, uzongena ngemvume njengomsebenzisi wempande zonke izinyathelo zendlela. Lokhu akulungile ngenxa yezizathu zokuphepha, ngakho-ke ungase ufune ukudala abasebenzisi abahlukene ngaso sonke isikhathi.

Ungacacisa ngokusobala abasebenzisi abahlukene nezimbobo ze-SSH njengoba kukhonjisiwe.

$ ssh -J <[email :port> <[email :port>

Ukuze ubonise ifulegi le-ProxyJump lisebenza, sinokusethwa okulula njengoba kukhonjisiwe.

Jump Server IP:		173.82.232.55		User: james
Remote Target IP:	173.82.227.89		User: tecmint

Ukuze uxhume kuthagethi yesilawuli kude usebenzisa iseva ye-Jump, umyalo uzobukeka kanje.

$ ssh -J [email  [email 

Umyalo uzokutshela ukuthi uthole iphasiwedi yomsebenzisi we-jump server, bese ulandelwa yiphasiwedi yesistimu eqondiwe lapho uzonikezwa khona ukufinyelela ohlelweni oluqondiwe.

Uma usebenzisa njalo isisekelo esithile ukuze uxhume kuthagethi ethile yesilawuli kude, ungakwazi ukwengeza ukulungiselelwa kwe-ProxyJump okulandelayo kufayela elingu-~/.ssh/config ukuze wenze uxhumano lungabi nazihibe. Uma lokhu kwenzeka, uzogunyazwa kanye kuphela futhi lokhu kwenzeka kuphela kuthagethi yesilawuli kude.

Host host-jump
User james
Hostname 173.82.232.55

Host host_destination
User tecmint
Hostname 173.82.227.89
Port 22

Ngokusebenzisa ukucushwa okungenhla, ungenza uxhumano kuthagethi njengoba kukhonjisiwe.

$ ssh -J host_destination

Xhuma i-Linux ekude usebenzisa i-SSH ProxyCommand Command

Ngaphambi kwe-SSH Proxy Jump, i-ProxyCommand kwaba ukuphela kwendlela yokweqa abasingathi ukuze bafinyelele ithagethi yesilawuli kude. Isebenza ngokudlulisela phambili i-stdin (okujwayelekile ngaphakathi) kanye ne-stdout (okujwayelekile ngaphandle) ukusuka kumpokophelo yesilawuli kude ngeseva yeqa noma isisekelo.

I-ProxyCommand ithatha i-syntax elandelayo.

$ ssh -o ProxyCommand="ssh -W %h:%p <jump server>" <remote target>

Lapha, izimpikiswano ze--W kuya %h:%p zidlulisela phambili i-stdin bese ziphuma kumsingathi wesilawuli kude (%h) nesilawuli kude imbobo yesikhungo (%p).

Ukufaka umyalo esenzweni, nansi indlela umyalo wethu ongabukeka ngayo

$ ssh -o ProxyCommand="ssh -W %h:%p 173.82.232.55" 173.82.227.89

Yebo, ukuthayipha wonke umyalo kuyakhathaza futhi kudla isikhathi. Ukuze ugweme ukuthayipha umyalo omude kangako, engeza imigqa elandelayo yekhodi kufayela lakho elithi ~/.ssh/config.

Host host-destination
Hostname 173.82.227.89
ProxyCommand ssh -q -W %h:%p host-jump

Londoloza bese uphuma.

Manje okumele ukwenze ukusebenzisa umyalo olandelayo ukuze uxhume kuseva ekude.

$ ssh host-destination

Kulo mhlahlandlela, sibonise ukuthi imiyalo ye-ProxyJump ne-ProxyCommand isebenza kanjani. Ngokuvamile, i-ProxyJump iphuma njengenye indlela engcono ye-ProxyCommand futhi inikeza indlela elula nengenamthungo yokuxhuma kuthagethi yesilawuli kude ngokusebenzisa umsingathi we-jump.