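We usually log in to servers by first connecting to a jump host and then logging in to the other servers from there. The reason is to keep the SSH servers from being directly reachable by anyone, which would be a security risk. However, having to ssh to the jump host every time and then connect from it to the remote host is tedious. With ssh's forward mode we can connect from the local machine straight to an intranet machine. The steps are as follows.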


Whether on Linux or macOS, we can edit the ~/.ssh/config file (vim ~/.ssh/config) and use the following configuration as a reference:

# Jump host alias
Host tiaoban
    # Jump host IP
    HostName <jump-host-ip>
    # Jump host port
    Port 222
    # Jump host user name
    User tiaoban

# Intranet machine configuration
Host server
    Port 222
    User root
    ProxyCommand ssh pi@tiaoban -W %h:%p

Host client
    Port 222
    User root
    ProxyCommand ssh pi@tiaoban -W %h:%p
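
How ssh turns the ProxyCommand line above into an actual command, as an added example that is not part of the original post: a simplified Python model of ssh_config lookup (first value per keyword wins) and of %h/%p expansion. The sample config is constructed, 192.0.2.10 is a documentation address standing in for the jump host IP, and the function names are hypothetical.

```python
import fnmatch
import shlex

# Constructed sample config mirroring the layout above (192.0.2.10 is a placeholder IP).
SAMPLE_CONFIG = """\
# jump host
Host tiaoban
    HostName 192.0.2.10
    Port 222
    User tiaoban
# intranet machine, reached through the jump host
Host server
    Port 222
    User root
    ProxyCommand ssh pi@tiaoban -W %h:%p
"""

def resolve(config_text, alias):
    """Return the options that apply to `alias`; the first value per keyword wins."""
    opts, active = {}, True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            active = any(fnmatch.fnmatchcase(alias, pat) for pat in value.split())
        elif active:
            opts.setdefault(keyword, value)
    return opts

def proxy_argv(config_text, alias):
    """Expand %h, %p and %% in ProxyCommand; return the argv, or None if no proxy is set."""
    opts = resolve(config_text, alias)
    if "proxycommand" not in opts:
        return None
    tokens = {"h": opts.get("hostname", alias), "p": opts.get("port", "22"), "%": "%"}
    out, chars = [], iter(opts["proxycommand"])
    for c in chars:
        if c == "%":
            t = next(chars, "")
            out.append(tokens.get(t, "%" + t))  # tokens not modelled here stay as written
        else:
            out.append(c)
    return shlex.split("".join(out))

if __name__ == "__main__":
    print(proxy_argv(SAMPLE_CONFIG, "server"))
```

Because the server block has no HostName, %h expands to the alias itself, so the name server is resolved on the jump host when -W opens the forwarded connection, not on the local machine.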



1. Connect to the jump host

➜  ssh ssh tiaoban

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jul  5 01:14:12 2017 from localhost
tiaoban@xxxxx:~ $ exit

2. Connect to server

➜  ssh ssh server
The authenticity of host ' (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:b7RMtN02b8r/eWg2a5WPMzuNibmyDAKTxP9U0xNMgts.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
root@'s password:
Killed by signal 2.

Connecting to server prompts for a password. At this point we can add our local public key to the remote host:

➜  ssh ssh-copy-id server
/usr/local/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/wenjun/.ssh/"
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@'s password:
Killed by signal 1.

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'server'"
and check to make sure that only the key(s) you wanted were added.


➜  ssh ssh server
Last login: Tue Jul  4 10:03:25 2017 from
[root@server ~]# exit
Connection to closed.
Killed by signal 1.