我打算实现一个 golang 版本的 ssh 客户端来通过堡垒连接到目标服务器。但不幸的是,我在替换 nc 代理时失败了。
在我本地的 ssh 配置:
Host bastion
HostName xxx.xxx.xxx.xxx
User ec2-user
IdentityFile ~/.ssh/xxx-bastion.pem
Host 10.0.*.*
User ec2-user
IdentityFile ~/.ssh/xxx-dest.pem
ProxyCommand ssh -q bastion "nc -w 3600 %h %p"
我的 golang 实现如下:
var(
Bastion="xxx.xxx.xxx.xxx:22"
Target="xxx.xxx.xxx.xxx:22"
BastionPem ="/Users/me/.ssh/xxx-bastion.pem"
DestPem ="/Users/me/.ssh/xxx-dest.pem"
Timeout=30*time.Second
)
func BastionConfig() (*ssh.ClientConfig,error){
pemBytes, err := ioutil.ReadFile(BastionPem)
if err != nil {
log.Fatal(err)
}
signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
log.Fatalf("parse key failed:%v", err)
}
config := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{ssh.PublicKeys(signer)},
Timeout:Timeout,
}
return config,err
}
func DestConfig() (*ssh.ClientConfig,error){
pemBytes, err := ioutil.ReadFile(TargetPem)
if err != nil {
log.Fatal(err)
}
signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
log.Fatalf("parse key failed:%v", err)
}
config := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{ssh.PublicKeys(signer)},
Timeout:Timeout,
}
return config,err
}
func Connect(){
config,_:= BastionConfig()
bClient, err := ssh.Dial("tcp", Bastion, config)
if err != nil {
log.Fatal("dial bastion error:",err)
}
log.Println("dial bastion ok...")
// Dial a connection to the service host, from the bastion
conn, err := bClient.Dial("tcp", Target)
if err != nil {
log.Fatal("dial target error",err)
}
targetConfig,_:= DestConfig()
ncc, chans, reqs, err := ssh.NewClientConn(conn, Target, targetConfig)
if err != nil {
log.Fatal("new target conn error:",err)
}
log.Printf("target conn[%s] ok\n",Target)
targetClient := ssh.NewClient(ncc, chans, reqs)
if err != nil {
log.Fatalf("target ssh error:%v",err)
}
session,err:=targetClient.NewSession()
if err!=nil{
log.Fatalf("session failed:%v",err)
}
defer session.Close()
var stdoutBuf bytes.Buffer
session.Stdout = &stdoutBuf
err = session.Run("hostname")
if err != nil {
log.Fatalf("Run failed:%v", err)
}
log.Printf(">%s", stdoutBuf)
}
但是我得到的是堡垒服务器的主机名,而不是我的目标服务器,我是不是错过了引导目标服务器的输入/输出之类的,我不知道我的代码哪里错了,谁能给我一些方向。
非常感谢。
最佳答案
试试这个包 https://github.com/appleboy/easyssh-proxy
ssh := &easyssh.MakeConfig{
User: "drone-scp",
Server: "localhost",
Port: "22",
KeyPath: "./tests/.ssh/id_rsa",
Proxy: easyssh.DefaultConfig{
User: "drone-scp",
Server: "localhost",
Port: "22",
KeyPath: "./tests/.ssh/id_rsa",
},
}
关于golang ssh 由 nc 替换 ssh ProxyCommand,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40668227/