SSH 建议,git 从多个跳转克隆
SSH Advice, git cloning from multiple Jumps
这有点奇怪,我不确定如何解决它。
目前,我们有一个用于连接客户的跳转箱:
Host jump.server.com
Hostname jump.server.com
ForwardAgent yes
ForwardX11 yes
User first.last
Port 22
DynamicForward 9999
然后我连接到我的客户:
Host jump.customer.com
User server
ForwardAgent yes
ProxyCommand ssh -qaxT jump.server.com nc 10.xx.xx.x1 22
此客户然后有一个本地 Stash 服务器:
Host stash.customer
User server
ForwardAgent yes
ProxyCommand ssh -qaxT jump.customer.com nc 10.xx.xx.x2 22
我想从我本地机器上的存储中克隆一个 repo,目前我可以从 jump.customer.com 克隆它,没有任何问题,见下文:
server@jump.customer.com:~/repos $ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
remote: Counting objects: 37, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 37 (delta 22), reused 0 (delta 0)
Receiving objects: 100% (37/37), 5.41 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.
然而,当我尝试在我的本地计算机上执行此操作时,我得到以下信息:
└─ $ ▶ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
起初我以为这意味着我的密钥不在这个 repo 的存储服务器上,但我在 stash.customer 上查看了安全日志
Oct 21 09:42:48 stash.customer sshd[24122]: Invalid user git from 10.xx.xx.1
Oct 21 09:42:48 stash.customer sshd[24123]: input_userauth_request: invalid user git
Oct 21 09:42:49 stash.customer sshd[24123]: Connection closed by 10.xx.xx.1
存储服务器或跳机上没有名为git的用户,这是问题吗?我确信 stash 不需要传统的 ssh 用户,因为它目前没有,而且我可以在网络中克隆。
TLDR;由于使用了多次跳转,我无法仅在网络内的本地计算机上克隆存储库。
我通过为 stash.customer 添加一条新记录并在特定的存储端口上转发来解决这个问题。
Host stash-customer.domain.com
User system
ForwardAgent yes
ProxyCommand ssh -qaxT jump.customer.com nc 10.x.xx.xx 7999
这有点奇怪,我不确定如何解决它。
目前,我们有一个用于连接客户的跳转箱:
Host jump.server.com
Hostname jump.server.com
ForwardAgent yes
ForwardX11 yes
User first.last
Port 22
DynamicForward 9999
然后我连接到我的客户:
Host jump.customer.com
User server
ForwardAgent yes
ProxyCommand ssh -qaxT jump.server.com nc 10.xx.xx.x1 22
此客户然后有一个本地 Stash 服务器:
Host stash.customer
User server
ForwardAgent yes
ProxyCommand ssh -qaxT jump.customer.com nc 10.xx.xx.x2 22
我想从我本地机器上的存储中克隆一个 repo,目前我可以从 jump.customer.com 克隆它,没有任何问题,见下文:
server@jump.customer.com:~/repos $ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
remote: Counting objects: 37, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 37 (delta 22), reused 0 (delta 0)
Receiving objects: 100% (37/37), 5.41 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.
然而,当我尝试在我的本地计算机上执行此操作时,我得到以下信息:
└─ $ ▶ git clone ssh://git@stash.customer:7999/cm/repo.git
Cloning into 'repo'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
起初我以为这意味着我的密钥不在这个 repo 的存储服务器上,但我在 stash.customer 上查看了安全日志
Oct 21 09:42:48 stash.customer sshd[24122]: Invalid user git from 10.xx.xx.1
Oct 21 09:42:48 stash.customer sshd[24123]: input_userauth_request: invalid user git
Oct 21 09:42:49 stash.customer sshd[24123]: Connection closed by 10.xx.xx.1
存储服务器或跳机上没有名为git的用户,这是问题吗?我确信 stash 不需要传统的 ssh 用户,因为它目前没有,而且我可以在网络中克隆。
TLDR;由于使用了多次跳转,我无法仅在网络内的本地计算机上克隆存储库。
我通过为 stash.customer 添加一条新记录并在特定的存储端口上转发来解决这个问题。
Host stash-customer.domain.com
User system
ForwardAgent yes
ProxyCommand ssh -qaxT jump.customer.com nc 10.x.xx.xx 7999