SSH: 쉘이 없는 사용자의 ProxyJump

syncoid시스템 사용자가 있습니다

$ cat /etc/passwd
syncoid:x:993:990::/var/lib/syncoid:/run/current-system/sw/bin/nologin

다음 SSH 구성을 사용하십시오.

$ cat /var/lib/syncoid/.ssh/config
Host eve
  User other
  HostName 192.168.10.1
  ProxyJump jumphost
  IdentityFile /var/lib/syncoid/.ssh/eve-syncoid
Host jumphost
  ForwardAgent yes
  User me
  HostName 192.168.1.1
  IdentityFile /var/lib/syncoid/.ssh/eve-syncoid

을 사용하여 Jumphost에 연결하고 로그인할 수 있습니다 sudo -u syncoid ssh jumphost. 그러나 eve서버에 연결 sudo -u syncoid ssh -vvv eve하면

OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /var/lib/syncoid/.ssh/config
debug1: /var/lib/syncoid/.ssh/config line 1: Applying options for eve
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 5: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.10.1 is address
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W '[%h]:%p' jumphost
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/var/lib/syncoid/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/var/lib/syncoid/.ssh/known_hosts2'
debug1: Executing proxy command: exec ssh -vvv -W '[192.168.10.1]:22' jumphost
debug1: identity file /var/lib/syncoid/.ssh/eve-syncoid type 0
debug1: identity file /var/lib/syncoid/.ssh/eve-syncoid-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: kex_exchange_identification: banner line 0: This account is currently not available.
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

ProxyJump를 실행하려면 쉘을 사용하는 일반 사용자여야 합니까?

편집하다:

• VPN을 통해 ProxyJump에 로그인할 필요가 없으므로 eve키와 구성이 모두 정확합니다.
• 동일한 키/구성으로 일반 사용자를 만들었고 ProxyJump가 제대로 작동합니다.