I have this proxy command:
Host JUMPHOST
User root
ProxyCommand ssh -q 172.16.99.11 nc -q0 10.0.0.2 22
But when I run it, I can't log in to 10.0.0.2.
federico@federico:~ $ ssh JUMPHOST -vvv
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/federico/.ssh/config
debug1: /home/federico/.ssh/config line 1414: Applying options for JUMPHOST
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec ssh -q 172.16.99.11 nc -q0 10.0.0.2 22
debug1: permanently_drop_suid: 1000
debug1: identity file /home/federico/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/federico/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
ssh_exchange_identification: Connection closed by remote host
The strange thing is that if I run plain SSH, I can log in to the devices without any problem.
federico@federico:~ $ ssh [email protected]
Last login: Mon Oct 31 19:03:00 2016 from 172.16.0.3
OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
# ssh [email protected]
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Oct 31 18:53:57 2016 from uk.lnd.lab.bastion.jumphost
root@UKLNDLABJUMPHOST:~# exit
Both servers have my public SSH key.
federico@federico:~ $ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB9TZ/O3Akzb78CY8ExihPJkW6oWsihL30VS1B1ZY6bMiytRnn4Exn58Y1NbxwjMzKae3Ybn1IdLusJFPriDza8w2280nWSWdGVG/7gMNKxMFn0GAGyg5ciN5PfDsBEALZyjM5l1KRCe8NibVypnt4sY6oFonOapzzcWiLAujw/xs++dGUXtCoRegHSZaH5KmSds8vLEdP/045O3ScFKWz2K2vwbQ1kL3gV5GQOR0TG5JLf08eYUDUaIH7JXggP6yLKi1c500mUm5E/yeXyZSjScC0d0th3IFCIuKumG7sg9DKLirxYUdJfd4P061v9Z/Hgdyiniqrgm7TGrPpVHFjDFV02XxGkPHsFWF6wzp433g7ELciz7TdkRXdSe+5Ab56tWisUCZvQusVc6bKQz2VedW5JgS9JTLRA/fGjszf8rqhtsGDnTS6Pqlazny6MXpKnwwr5sNDskfrQI9gmusHWLxW8QSfNDidYoNvhhvsk0sBDFVwe+JmLAqXhWZsBI6cEhC/RLfgt1WXtWagGTZ7U0zOztUTwmNg5ZzznqEnRMWeOsYBabj+5MNUK/cGMW0i1jHMqnoOHGfutrWkdNZE08xpx3hvrDJEZFpuccji1igKpneja7k+dFk7o8TFoKD5tFkqQtXlWwkarG7eKUKdYL2+EBCmbw== federico@federico
federico@federico:~ $ ssh [email protected]
Last login: Mon Oct 31 19:13:05 2016 from 172.16.0.3
OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC21HOxZtkDzXLyBTDlFxZF/c4iL29ZumnaKPhm3maDIdCfnBeq+Ik6r5C9Avwsk6ycc3EWfTqa0b3wvr5sDpqgfUTDi5uKvSV0MwXkin84bOJFm4uO9Gh26h4XrXKPHIotaLpt/6xmuTS1KvR3azKy2yoC8rlvRCF9xO+0Hf9ZEShAGRx+Jfk9EUZYu0TUPehuQk5LwpiXuk2VEGvnA8volx9glO4/65dR8PIkkR8lLNtBVgukuK5BcxF6/KxLL2pSKFEJIYzyL8HEHsgQxWcrSiqeTjSvWkSmfvYx6JqzxbDQ8NvI2aCZ2zIOeewQgcE9gx+dDb5G0vvq/Pz3GT4N root@UKLNDLABJUMPHOST
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB9TZ/O3Akzb78CY8ExihPJkW6oWsihL30VS1B1ZY6bMiytRnn4Exn58Y1NbxwjMzKae3Ybn1IdLusJFPriDza8w2280nWSWdGVG/7gMNKxMFn0GAGyg5ciN5PfDsBEALZyjM5l1KRCe8NibVypnt4sY6oFonOapzzcWiLAujw/xs++dGUXtCoRegHSZaH5KmSds8vLEdP/045O3ScFKWz2K2vwbQ1kL3gV5GQOR0TG5JLf08eYUDUaIH7JXggP6yLKi1c500mUm5E/yeXyZSjScC0d0th3IFCIuKumG7sg9DKLirxYUdJfd4P061v9Z/Hgdyiniqrgm7TGrPpVHFjDFV02XxGkPHsFWF6wzp433g7ELciz7TdkRXdSe+5Ab56tWisUCZvQusVc6bKQz2VedW5JgS9JTLRA/fGjszf8rqhtsGDnTS6Pqlazny6MXpKnwwr5sNDskfrQI9gmusHWLxW8QSfNDidYoNvhhvsk0sBDFVwe+JmLAqXhWZsBI6cEhC/RLfgt1WXtWagGTZ7U0zOztUTwmNg5ZzznqEnRMWeOsYBabj+5MNUK/cGMW0i1jHMqnoOHGfutrWkdNZE08xpx3hvrDJEZFpuccji1igKpneja7k+dFk7o8TFoKD5tFkqQtXlWwkarG7eKUKdYL2+EBCmbw== federico@federico
# ssh
ssh ssh-add ssh-agent ssh-askpass ssh-keygen ssh-keyscan sshd
# ssh 10.0.0.2
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Oct 31 19:12:54 2016 from uk.lnd.lab.bastion.jumphost
root@UKLNDLABJUMPHOST:~# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB9TZ/O3Akzb78CY8ExihPJkW6oWsihL30VS1B1ZY6bMiytRnn4Exn58Y1NbxwjMzKae3Ybn1IdLusJFPriDza8w2280nWSWdGVG/7gMNKxMFn0GAGyg5ciN5PfDsBEALZyjM5l1KRCe8NibVypnt4sY6oFonOapzzcWiLAujw/xs++dGUXtCoRegHSZaH5KmSds8vLEdP/045O3ScFKWz2K2vwbQ1kL3gV5GQOR0TG5JLf08eYUDUaIH7JXggP6yLKi1c500mUm5E/yeXyZSjScC0d0th3IFCIuKumG7sg9DKLirxYUdJfd4P061v9Z/Hgdyiniqrgm7TGrPpVHFjDFV02XxGkPHsFWF6wzp433g7ELciz7TdkRXdSe+5Ab56tWisUCZvQusVc6bKQz2VedW5JgS9JTLRA/fGjszf8rqhtsGDnTS6Pqlazny6MXpKnwwr5sNDskfrQI9gmusHWLxW8QSfNDidYoNvhhvsk0sBDFVwe+JmLAqXhWZsBI6cEhC/RLfgt1WXtWagGTZ7U0zOztUTwmNg5ZzznqEnRMWeOsYBabj+5MNUK/cGMW0i1jHMqnoOHGfutrWkdNZE08xpx3hvrDJEZFpuccji1igKpneja7k+dFk7o8TFoKD5tFkqQtXlWwkarG7eKUKdYL2+EBCmbw== federico@federico
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx0aXuxhIql7YpN7k7HseJGTedFdc2MMbiAJuYh3IYxiTzfHh0BbH8FbcS5t1op6lm3Mf0GaYPCm/JYVtnCKUc0YEIN37/t9KfCkTDtKEM6vW05aeCkHvGqHpI5IDLE7OOJvlsi6kQ+Nr7YY6mddKCZ4C58Bg6PoplCdEb7sKN6z38VvnJu/djUPybK0Eb9LsNZCuiYA6ddj6i3gTrkSJO4SsDUd2iAHYxU6ckFSr5P1wgYYABtUgzCcmtxt4epY4xjbbdI5yJxMyl7dHtQsY9J9EBvsYFNxtTw7FYUqXmqRLwnzi6YQ4YOCs1yAYCmMcLbI2BQF3Ym8zQGTsGZ6qX [email protected]
root@UKLNDLABJUMPHOST:~#
I think the problem is with the user. I specified user root in the ProxyCommand and in the ssh command, but it seems the user federico is being passed to the ssh service instead of the user root.
Oct 31 21:37:11 UK sshd[81208]: Invalid user federico from 172.16.0.3 port 39964
Oct 31 21:37:11 UK sshd[81208]: input_userauth_request: invalid user federico [preauth]
Oct 31 21:37:11 UK sshd[81208]: Connection closed by 172.16.0.3 port 39964 [preauth]
Oct 31 21:37:22 UK sshd[1763]: Invalid user federico from 172.16.0.3 port 39966
Oct 31 21:37:22 UK sshd[1763]: input_userauth_request: invalid user federico [preauth]
Oct 31 21:37:22 UK sshd[1763]: Connection closed by 172.16.0.3 port 39966 [preauth]
Oct 31 21:39:29 UK sshd[14073]: Accepted publickey for root from 172.16.0.3 port 39992 ssh2: RSA SHA256:lKGdTJBP83LONM/MR2yGXJuViH5Z2ltUqiqVV9nStCA
Oct 31 21:39:31 UK sshd[14073]: Received disconnect from 172.16.0.3 port 39992:11: disconnected by user
Oct 31 21:39:31 UK sshd[14073]: Disconnected from 172.16.0.3 port 39992
Oct 31 21:40:25 UK sshd[56193]: Accepted publickey for root from 172.16.0.3 port 39994 ssh2: RSA SHA256:lKGdTJBP83LONM/MR2yGXJuViH5Z2ltUqiqVV9nS
Answer 1
ProxyCommand ssh -q [email protected] nc -q0 10.0.0.2 22
Answer 2
Try changing the ProxyCommand so that it includes -A, as follows.
ProxyCommand ssh -A -q 172.16.99.11 nc -q0 10.0.0.2 22
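
The per-hop user lookup behind the "Invalid user federico" log lines, shown as an added configuration example that is not part of the original question or either answer. The alias "bastion" is an assumption; the addresses and the JUMPHOST name are the ones from the question.

```sshconfig
# Added example: alias "bastion" is hypothetical, addresses are from the question.

# Before (as posted): "User root" applies only to the session that runs
# THROUGH the proxy, i.e. the login on 10.0.0.2. The inner
# "ssh -q 172.16.99.11" is a separate ssh process. It looks up
# 172.16.99.11 in the config, finds no User set for that name, and falls
# back to the local account name (federico), which matches the
# "Invalid user federico from 172.16.0.3" lines in the sshd log.
#
# Host JUMPHOST
#     User root
#     ProxyCommand ssh -q 172.16.99.11 nc -q0 10.0.0.2 22

# After: one Host block per hop, each with its own User.
Host bastion
    HostName 172.16.99.11
    User root
    # Key authentication to the final target is performed by the local
    # client through the tunnel, so the agent does not have to be
    # exposed on the intermediate host.
    ForwardAgent no

Host JUMPHOST
    HostName 10.0.0.2
    User root
    # -W forwards the client's stdin/stdout to %h:%p over the first hop,
    # so nc is not needed on the intermediate host. It requires TCP
    # forwarding to be permitted by that host's sshd.
    # ProxyJump would be shorter but needs OpenSSH 7.3 or later; the
    # client in the question is 7.2p2.
    ProxyCommand ssh -q -W %h:%p bastion
```

Running `ssh -G bastion` and `ssh -G JUMPHOST` (OpenSSH 6.8 or later) prints the effective `user` for each hop without opening a connection.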