https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/

SSH: 通過Proxy/Bastion連結Remote Server

在正常的情況, 透過 ssh command 就可以連接 Server.

SSH Connection to Remote Server through Bastion

但是在現實的情況,client 和 server 之間通常有Firewall阻擋. 因此要建立連線需要透過 Proxy/Bastion. 而設定的方法有以下幾種.

在 ~/.ssh/config 內設定

Proxy Jump (ssh version 7.3+)

Host hostB
Hostname x.x.x.x
Port 22
User userA
Host hostC
Hostname y.y.y.y
Port 22
User userA
ProxyJump hostB

只需使用 ProxyJump Command 就可以.

Using stdio forwarding

Host B 的設定不變. Host C 使用 ProxyCommand.

Host hostC
Hostname y.y.y.y
Port 22
User userA
ProxyCommand ssh -W %h:%p hostB

-W 是一個 Forward Standard. %h, %p是指 Server 的 Host 和 Port, 也即是 hostC & 22.

ProxyCommand with netcat (older method)

Host B 的設定不變. Host C 使用 ProxyCommand.

Host hostC
Hostname y.y.y.y
Port 22
User userA
ProxyCommand ssh hostB nc %h:%p

netcat 是 Linux 內的一個網絡工具用於 TCP/UDP 網絡連接和網絡傳輸, 而 nc 就是它的 command. %h, %p是指 Server 的 Host 和 Port, 也即是 host C & 22.

執行上以上三個方法都是一樣的, 在 host A 的 terminal 輸入:

$ ssh hostC

--

--

A Programmer, Data Engineer

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store