我试图设置这样的SSH转发
osx> debianA> debianB
我可以连接到debianA罚款,使用ssh -A,它有以下环境variables当我做:
SSH_AGENT_PID=1543 SSH_AUTH_SOCK=/tmp/ssh-giwdYY1542/agent.1542 SSH_CLIENT='92.233.199.x 38954 22' SSH_CONNECTION='92.233.199.x 38954 108.171.179.x 22' SSH_TTY=/dev/pts/0 当我尝试连接到debianB,代理不被使用!
ssh -v输出结束于:
debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/nic/.ssh/id_rsa debug1: Trying private key: /home/nic/.ssh/id_dsa debug1: Next authentication method: password
然后我要求input密码。
我没有在ssh_config中设置任何ForwardAgent无指令,也没有.ssh / config。 sshd_config没有得到AllowAgentForwarding。 我也尝试过所有这些指令。
debianA和debianB都有相同的ssh_config和sshd_config(用diffvalidation),所以真正奇怪的是连接OSX> debianB> debianA工作正常!
我完全没有想法! 有没有人遇到过这个?
干杯! NFV
更新1
我注意到的另一件事是,当连接osx> debianA它在序言中做的最后一件事是吐出Agent pid:
Nics-iMac:~ nic$ ssh -A nic@cloud01 Linux cloud01 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. You have new mail. Last login: Tue Nov 27 06:42:47 2012 from xxx Agent pid 717 <<< HERE *********** nic@cloud01:~#
debianB不这样做,否则序言是相同的,这可能是一个线索?
NFV
在debianB上,检查~/.ssh/authorized_keys的内容和权限。 如果权限错误(太宽),sshd也会在日志中发牢骚。
想到这一点,我已经在/ etc / profile脚下评估了$ {ssh-agent},必须覆盖来自转发代理的设置。
感谢NFV