我正在尝试调试 CPU 变高的 OpenSSH 问题。但在此之前,我想确认此连接是否使用了 SSH-Agent 转发功能。以下是分配了两个 channel 的子 SSH 服务器的核心转储。
channel [1] 似乎正在与 ssh-agent 交谈。
我需要以下帮助:
1) As I know ssh-agent talks to SSH client, however here it seems to be talking to SSH server. Can we say that we have ssh-agent forwarding in role?
2) What can I do to reproduce this scenario?
3) Anything else that you may want to kindly tell me about from the data given.
(gdb) p *channels[0]
type = 0x4,
self = 0x0,
remote_id = 0x0,
istate = 0x0,
ostate = 0x3,
flags = 0x0,
rfd = 0xd,
wfd = 0xffffffff,
efd = 0xffffffff,
sock = 0xffffffff,
ctl_chan = 0xffffffff,
isatty = 0x1,
client_tty = 0x0,
path = 0x0,
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e4a0 "server-session",
ctype = 0x187df64 "session",
open_confirm = 0,
open_confirm_ctx = 0x0,
detach_user = 0x1855650 <session_close_by_channel>,
detach_close = 0x1,
=============================
(gdb) p *channels[1]
type = 0x6,
self = 0x1,
remote_id = 0xffffffff,
istate = 0x0,
ostate = 0x0,
flags = 0x0,
rfd = 0x9,
wfd = 0x9,
efd = 0xffffffff,
sock = 0x9,
ctl_chan = 0xffffffff,
path = 0xb0f2e7a0 "/tmp/ssh-00015945aa/agent.15945",
listening_port = 0x0,
listening_addr = 0x0,
host_port = 0x0,
remote_name = 0xb0f2e720 "auth socket",
ctype = 0x187d92c "auth socket"
最佳答案
1) As I know ssh-agent talks to SSH client, however here it seems to be talking to SSH server. Can we say that we have ssh-agent forwarding in role?
这是另一种方式。客户与代理交谈。如果您将套接字转发到服务器,则该服务器上的其他客户端可以与您计算机上的代理通信。
就这样。服务器具有转发身份验证套接字的唯一作用。
2) What can I do to reproduce this scenario?
开始
ssh-agent
和使用ssh -A server
启动与代理转发的连接。3) Anything else that you may want to kindly tell me about from the data given.
(gdb) p *channels[0]
type = 0x4, /* SSH_CHANNEL_OPEN -- shell or command */
(gdb) p *channels[1]
type = 0x6, /* SSH_CHANNEL_AUTH_SOCKET -- ssh-agent forwarding */
是的,那是代理转发。
关于ssh - OpenSSH - 是 ssh-agent 转发吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42413696/