我正在尋找從本地主機到遠端伺服器的 ssh,然後從那裡到遠端電腦。我目前已對其進行設置,以便遠端計算機和遠端伺服器在它們之間設置無密碼 ssh-ing,但是如果我從本地主機 ssh 進入伺服器,然後嘗試從那裡 ssh 到計算機,我會得到:
Enter passphrase for key '/home/user/.ssh/id_dsa':
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
如果我嘗試從遠端伺服器上打開的終端 ssh 到遠端計算機,它工作得很好。這是否與我的顯示器不存在有關:0.0,或者完全是其他原因?我已經嘗試過了xhost +local:,但已經迷失了。
謝謝
答案1
如果兩個系統都有您本機系統使用的公鑰-A。
從ssh(1)
-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.
另請注意此警告:
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.
結果是,當您針對第二個主機進行身份驗證時,身份驗證將一直轉發回您實際駐留的主機。
例子:
me@host0:~ $ ssh -A host1
Last login: Thu Jun 14 11:31:53 2012 from 2001:db8::b0
me@host1:~ $ ssh -A host2
Last login: Thu Jun 14 11:41:05 2012 from 2001:db8::b1
me@host3:~ $ ssh -A host3
Last login: Tue Jun 12 10:46:50 2012 from 2001:db8::b2
me@host3:~ $
答案2
您的代理無法將身份驗證傳遞到遠端電腦。如果需要,您可以連接埠轉送連線以直接連接到遠端電腦。
看這篇關於 SSH 多跳的文章並跳至有關部分ProxyCommand
在~/.ssh/config:
Host remotecomputername
ProxyCommand ssh -q remoteservername nc -q0 remotecomputername 22