主页 / unix / 问题 / 427754
Accepted
daniel451
Asked: 2018-03-03 11:16:15 +0800 CST

ssh 配置:ProxyCommand 的替代品?

  • 772

在我的帮助下,ProxyCommand我设置了一些 ssh 收藏夹以便于使用:

host some_server
    hostname some_server
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa
    ProxyCommand ssh frontserver1 -W %h:%p

host frontserver1
    hostname frontserver1.url.tld
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa

今天frontserver1有很长的停机时间,但我也可以通过frontserver2或连接frontserver3。但是,我将不得不重新设置一切some_server_via_front2,依此类推。这将导致我想要访问的每个 Intranet 服务器(有很多)都有 n 个条目,其中 n 是前端服务器的数量。

有没有更简单的方法?

我可以设置替代品ProxyCommand吗?

类似的东西:如果ProxyCommand ssh frontserver1 -W %h:%p无法到达,那么去ProxyCommand ssh frontserver2 -W %h:%p,然后frontserver3,......

linux ssh

1 个回答

  1. Best Answer

    鉴于ssh_config手册上的内容:

     ProxyCommand
         Specifies the command to use to connect to the server.  The com-
         mand string extends to the end of the line, and is executed using
         the user's shell `exec' directive to avoid a lingering shell
         process.

    您应该能够使用 shell 的逻辑 OR 运算符,因此:

    host some_server
    hostname some_server
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa
    ProxyCommand ssh frontserver1 -W %h:%p || ssh frontserver2 -W %h:%p || ssh frontserver3 -W %h:%p

host frontserver1
    hostname frontserver1.url.tld
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa
    ConnectTimeout 5

host frontserver2
    hostname frontserver1.url.tld
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa
    ConnectTimeout 5

host frontserver3
    hostname frontserver1.url.tld
    port 22
    user some_user
    IdentityFile /home/user/.ssh/id_rsa
    ConnectTimeout 5

    我冒昧地ConnectTimeout为每个代理主机添加了一个指令,这样最多需要 15 秒才能最终通过列表中的第三台主机失败,而不是n倍主机数量乘以默认值您主机上的 TCP 超时设置恰好是。

    • 3

相关问题