# SSH Configuration Guide

This guide explains how to set up the SSH client configuration file (`~/.ssh/config`) for use with the autossh-tunnel-dockerized project. The SSH config file defines the connection parameters for every tunnel endpoint, and the tunnels only come up reliably if those entries are correct.

## Overview

The SSH config file (`~/.ssh/config`) lets you define connection parameters per SSH host: the real hostname or IP address, the login user, the port, the identity file (private key) and, for hosts behind a bastion, the jump host to go through.

This project depends heavily on the SSH config file because:

- the `remote_host` parameter in `config.yaml` refers to a `Host` alias defined in your SSH config, so the address, user, port and key for each tunnel come from that entry rather than from `config.yaml` itself.

## File location

The SSH config file should be located at:

```
~/.ssh/config
```

If the file does not exist, create it with owner-only permissions (ssh refuses to use a config file that other users can write):

```bash
touch ~/.ssh/config
chmod 600 ~/.ssh/config
```
## Basic configuration

### Single host

```
Host myserver
    HostName example.com
    User myuser
    Port 22
    IdentityFile ~/.ssh/id_ed25519
```
### Multiple hosts

```
Host server1
    HostName 192.168.1.100
    User admin
    Port 22
    IdentityFile ~/.ssh/id_rsa

Host server2
    HostName server2.example.com
    User root
    Port 2222
    IdentityFile ~/.ssh/id_ed25519

Host jumphost
    HostName jump.example.com
    User jumpuser
    Port 22
    IdentityFile ~/.ssh/jump_key
```
## Advanced configuration

### Global defaults and per-host overrides

ssh reads `~/.ssh/config` top to bottom and, for each option, keeps the first value it finds in a matching block. A `Host *` block therefore belongs at the end of the file: placed at the top, its `ServerAliveInterval 60` would silently win over the `ServerAliveInterval 30` that `production-server` sets for itself.

```
Host production-server
    HostName prod.example.com
    User deploy
    Port 22
    IdentityFile ~/.ssh/production_key
    # settings specific to this host (must come before the Host * block)
    ServerAliveInterval 30
    TCPKeepAlive yes
    Compression yes

Host *
    # enable connection multiplexing
    ControlMaster auto
    ControlPath ~/.ssh/sockets/ssh_mux_%h_%p_%r
    ControlPersist 600
    # keepalive and timeout settings
    ServerAliveInterval 60
    ServerAliveCountMax 3
    ConnectTimeout 10
    # security settings
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts
```

The `ControlPath` directory must exist before the first connection (`mkdir -m 700 ~/.ssh/sockets`). `ServerAliveInterval` and `ServerAliveCountMax` are what let autossh notice a dead tunnel: with 60 and 3, an unresponsive server is detected after roughly three minutes, the session is torn down and autossh reconnects.
### Jump hosts (ProxyJump)

```
Host jumphost
    HostName jump.example.com
    User jumpuser
    Port 22
    IdentityFile ~/.ssh/jump_key

Host internal-server
    HostName 10.0.1.100
    User admin
    Port 22
    IdentityFile ~/.ssh/internal_key
    ProxyJump jumphost
    # equivalent syntax for OpenSSH releases older than 7.3
    # ProxyCommand ssh -W %h:%p jumphost
```

`ProxyJump jumphost` reuses the `jumphost` entry above, so its user, port and key are resolved from the same file. The jump host only relays the TCP connection; the SSH handshake with `internal-server` runs end to end through it, so the bastion never sees `internal_key` and no agent forwarding is involved.
### Wildcard patterns

```
Host *.internal
    User admin
    Port 22
    IdentityFile ~/.ssh/internal_key
    ProxyJump jumphost

Host dev-*
    User developer
    Port 2222
    IdentityFile ~/.ssh/dev_key
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
```

`StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` disables host-key verification entirely: the client accepts whatever key answers and never remembers it, so anyone on the path can impersonate the host and read the forwarded traffic. Restrict such a pattern to disposable development machines whose addresses get reused, and never let it match a tunnel endpoint; note that `dev-*` matches every alias that merely starts with `dev-`.
## Configuration examples for autossh-tunnel

### Simple tunnel to a VPS

SSH configuration:

```
Host vps1
    HostName 203.0.113.10
    User root
    Port 22
    IdentityFile ~/.ssh/vps1_key
    ServerAliveInterval 60
    ServerAliveCountMax 3
```

Corresponding `config.yaml` entry:

```yaml
tunnels:
  - remote_host: "vps1"
    remote_port: 8080
    local_port: 3000
    direction: local_to_remote
```

Logging in as `root` just to carry a tunnel is more privilege than the job needs. A dedicated account whose `authorized_keys` entry for `vps1_key` is prefixed with `restrict,port-forwarding` can forward ports but gets no PTY, agent or X11 forwarding.
### Tunnel through a corporate jump host

SSH configuration:

```
Host corporate-jump
    HostName jump.company.com
    User myusername
    Port 22
    IdentityFile ~/.ssh/company_key

Host internal-db
    HostName db.internal.company.com
    User dbuser
    Port 22
    IdentityFile ~/.ssh/db_key
    ProxyJump corporate-jump
```

Corresponding `config.yaml` entry:

```yaml
tunnels:
  - remote_host: "internal-db"
    remote_port: 5432
    local_port: 5432
    direction: remote_to_local
```

`remote_host` names only `internal-db`; the hop through `corporate-jump` comes entirely from the `ProxyJump` line, so the tunnel definition does not change when the bastion does.
### Multiple environments

```
Host dev-server
    HostName dev.example.com
    User developer
    Port 2222
    IdentityFile ~/.ssh/dev_key

Host staging-server
    HostName staging.example.com
    User deploy
    Port 22
    IdentityFile ~/.ssh/staging_key

Host prod-server
    HostName prod.example.com
    User deploy
    Port 22
    IdentityFile ~/.ssh/prod_key
    StrictHostKeyChecking yes
```

Separate keys per environment (`dev_key`, `staging_key`, `prod_key`) keep a compromised development key from opening a tunnel into production.
## Security best practices

### File permissions

Make sure the SSH files have the correct permissions. ssh ignores (with a warning) a private key that other users can read, and refuses a config file that they can write:

```bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/id_*.pub
chmod 600 ~/.ssh/known_hosts
```

Keep the order: `chmod 600 ~/.ssh/id_*` also matches the `.pub` files, which the next line sets back to 644. Keys with other names (`production_key`, `jump_key`, `vps1_key`, ...) are not covered by the `id_*` glob and need their own `chmod 600`.
### Hardened client settings

```
Host *
    # offer only the key named in the matching entry, not every key in the agent
    IdentitiesOnly yes
    # never fall back to an interactive password prompt
    PasswordAuthentication no
    PubkeyAuthentication yes
    # modern AEAD ciphers first
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
```

`IdentitiesOnly yes` matters beyond tidiness: without it, ssh offers every key loaded in the agent to every server, which reveals which public keys you hold and can exhaust the server's authentication attempt limit before the right key is tried. Keep this `Host *` block at the end of the file so that per-host entries above it still take effect.

### Host key verification

Wildcards belong in the `Host` line, not in `HostName` (which must be a literal name or address):

```
Host *.trusted.com
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts

Host dev-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    LogLevel QUIET
```

`LogLevel QUIET` on the `dev-*` pattern additionally hides the warning ssh prints when a host key is not verified, so nothing in the output reminds you that the connection is unauthenticated. For anything autossh keeps open unattended, use the strict form.
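ssh applies two rules that are easy to check by hand on a short file and easy to get wrong on a long one: for each option the first value found in a matching block wins, and `Host` patterns are shell globs. The following Python is an added example, not code from autossh-tunnel-dockerized: it resolves the effective options for a host the way ssh does and flags entries whose host-key checking is disabled or whose per-host value is shadowed by an earlier wildcard block. The two config strings are constructed for the example; only `Host` blocks are handled (no `Match`, `Include` or `~` expansion).

```python
"""Resolve ssh_config options as OpenSSH does (first value wins, Host
patterns are globs) and audit for disabled host-key checking.
Added illustration, not project code. SAMPLE/SAMPLE_FIXED are constructed."""
import fnmatch

# Layout with Host * at the top and a per-host override below it.
SAMPLE = """\
Host *
    ServerAliveInterval 60
    StrictHostKeyChecking yes

Host production-server
    HostName prod.example.com
    User deploy
    ServerAliveInterval 30

Host dev-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
"""

# Same options with the wildcard block moved to the end of the file.
SAMPLE_FIXED = """\
Host production-server
    HostName prod.example.com
    User deploy
    ServerAliveInterval 30

Host dev-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *
    ServerAliveInterval 60
    StrictHostKeyChecking yes
"""

UNSAFE = {
    ("stricthostkeychecking", "no"): "accepts any host key (silent MITM)",
    ("userknownhostsfile", "/dev/null"): "never pins a host key",
}


def parse_blocks(text):
    """Split ssh_config text into (patterns, [(key, value), ...]) blocks.
    Options before the first Host line apply to every host."""
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 1 and "=" in parts[0]:      # Key=Value spelling
            parts = parts[0].split("=", 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks


def host_matches(patterns, host):
    """A negated pattern (!foo) that matches rejects the block; otherwise
    any positive pattern that matches accepts it."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched


def resolve(text, host):
    """Effective {option: value} for host: the first value seen in a
    matching block wins, so an early Host * shadows later overrides."""
    effective = {}
    for patterns, options in parse_blocks(text):
        if host_matches(patterns, host):
            for key, value in options:
                effective.setdefault(key, value)
    return effective


def is_generic(patterns):
    return any(c in p for p in patterns for c in "*?")


def audit(text, hosts):
    """Report hosts whose effective settings disable host-key checking, and
    exact-host options that an earlier wildcard block has already fixed."""
    findings = []
    blocks = parse_blocks(text)
    for host in hosts:
        eff = resolve(text, host)
        for (key, bad), why in UNSAFE.items():
            if eff.get(key, "").lower() == bad:
                findings.append("%s: %s %s - %s" % (host, key, bad, why))
        first = {}   # option -> (value, set by a wildcard block?)
        for patterns, options in blocks:
            if not host_matches(patterns, host):
                continue
            for key, value in options:
                if key not in first:
                    first[key] = (value, is_generic(patterns))
                elif first[key][1] and not is_generic(patterns) and first[key][0] != value:
                    findings.append("%s: %s %r is shadowed by earlier wildcard value %r"
                                    % (host, key, value, first[key][0]))
    return findings
```

Run `resolve(open(os.path.expanduser("~/.ssh/config")).read(), "vps1")` against your real file and compare with `ssh -G vps1`, which is ssh's own view of the effective options and also honours `Match` and `Include`.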
## Troubleshooting

### Permission denied

Usually loose permissions on the config file or the private key; ssh ignores a key that other users can read:

```bash
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/private_key
```

### Host key verification failed

The host's key is not in `known_hosts` (or has changed). Add it with:

```bash
ssh-keyscan -H hostname >> ~/.ssh/known_hosts
```

`ssh-keyscan` records whatever key answers on the network, so it only moves the trust decision to this moment. Before relying on the new line, compare its fingerprint (`ssh-keygen -lf ~/.ssh/known_hosts` lists them) with one obtained out of band, for example from `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the server's console. If the key has changed for a host you already knew, do not simply replace it: find out why first.

### Connection timeout

```
Host slow-server
    ConnectTimeout 30
    ServerAliveInterval 60
    ServerAliveCountMax 10
```
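The fingerprint comparison recommended above for `ssh-keyscan` output is worth seeing in code, because the hashed `|1|salt|hash` host field that `-H` writes cannot be read by eye. The following Python is an added example, not part of autossh-tunnel-dockerized: it parses one known_hosts line, checks whether its (hashed or plain) host field covers the host you meant, and computes the `SHA256:` fingerprint that `ssh-keygen -l` prints so it can be compared with the out-of-band value. The ed25519 key is a constructed 32-byte placeholder in OpenSSH wire format, not a real server key.

```python
"""Verify a known_hosts line against a hostname and an out-of-band
fingerprint. Added illustration, not project code; the key is constructed."""
import base64
import hashlib
import hmac
import struct


def ssh_string(b):
    """SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(b)) + b


# Constructed public key blob: string "ssh-ed25519" followed by a 32-byte key.
FAKE_KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))


def fingerprint(blob):
    """SHA256 fingerprint as `ssh-keygen -l` prints it: base64 of SHA-256
    over the raw key blob, with '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_host(host, salt):
    """Hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_field_matches(field, host):
    """Match the first known_hosts column: plain, comma-separated or hashed.
    Non-22 ports are stored as [host]:port, and must be passed that way."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        return hmac.compare_digest(hash_host(host, salt), field)
    return host in field.split(",")


def verify_entry(line, host, expected_fp):
    """Return (host matches, fingerprint matches, fingerprint) for one line.
    Only the fingerprint check adds trust: ssh-keyscan stores whatever key
    answered on the network, so expected_fp must come from the server
    console or another channel the network cannot tamper with."""
    host_field, _keytype, key_b64 = line.split()[:3]
    fp = fingerprint(base64.b64decode(key_b64))
    return (host_field_matches(host_field, host),
            hmac.compare_digest(fp, expected_fp), fp)


# Constructed line in the shape `ssh-keyscan -H vps1.example.com` produces.
SAMPLE_SALT = bytes(range(20))
SAMPLE_LINE = "%s ssh-ed25519 %s" % (hash_host("vps1.example.com", SAMPLE_SALT),
                                     base64.b64encode(FAKE_KEY_BLOB).decode())

if __name__ == "__main__":
    expected = fingerprint(FAKE_KEY_BLOB)   # stands in for the out-of-band value
    print(verify_entry(SAMPLE_LINE, "vps1.example.com", expected))
```

For a real line, pass the key blob from your `known_hosts` and the fingerprint read from the server; a mismatch on either value means the line should not be kept.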
## Testing your configuration

Test the SSH configuration before handing it to autossh:

```bash
# test the connection without allocating a pseudo-terminal
ssh -T hostname
# verbose output
ssh -v hostname
# use an explicit config file (~/.ssh/config is already the default)
ssh -F ~/.ssh/config hostname
```

`ssh -G hostname` prints the options ssh would actually use for that host after all `Host` blocks are applied; it is the quickest way to catch a `Host *` block that shadows a per-host setting or a wildcard that matches more than intended.

To enable debug output for one host from the config itself:

```
Host debug-server
    HostName example.com
    User myuser
    LogLevel DEBUG3
    IdentityFile ~/.ssh/debug_key
```
## Using this configuration with autossh-tunnel

When the SSH configuration is used by the autossh-tunnel project:

- the `Host` alias is what goes into `remote_host` in `config.yaml`;
- the `IdentityFile` path must be correct and reachable from inside the Docker container;
- the `~/.ssh` directory is mounted read-only into the container.

The read-only mount has two consequences worth planning for. ssh cannot add new keys to `~/.ssh/known_hosts`, so every tunnel endpoint and jump host must already be present in that file before the container starts; with `StrictHostKeyChecking yes` an unknown host then fails cleanly instead of trying to write. And `ControlPath` sockets cannot be created under `~/.ssh`, so either leave multiplexing off for tunnel hosts or point `ControlPath` at a writable location. `BatchMode yes` on the tunnel entries makes a missing key or unknown host fail immediately instead of waiting on a prompt nobody will answer.

SSH configuration (`~/.ssh/config`):

```
Host tunnel-server
    HostName tunnel.example.com
    User tunneluser
    Port 22
    IdentityFile ~/.ssh/tunnel_key
    ServerAliveInterval 60
    ServerAliveCountMax 3
```
Tunnel configuration (`config/config.yaml`):

```yaml
tunnels:
  - remote_host: "tunnel-server"
    remote_port: 8080
    local_port: 3000
    direction: local_to_remote
```
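Before starting the container it is worth running a preflight over `~/.ssh` that covers both the permissions section above and the read-only mount: the mode of every file, and any option that would need to write inside the mount or read a file outside it. The following Python is an added example, not code from autossh-tunnel-dockerized. It runs against a temporary directory with constructed files so it can be executed anywhere; the assumption that only `~/.ssh` is visible inside the container follows from the bind mount, and `mount` can be widened if you mount more paths.

```python
"""Preflight for a ~/.ssh directory that is bind-mounted read-only into a
container: check/fix file modes and flag options that would break.
Added illustration, not project code; demo() uses a constructed temp dir."""
import os
import re
import stat
import tempfile

# Mode each kind of entry should have (the chmod sequence from this guide).
EXPECTED = {"dir": 0o700, "config": 0o600, "private": 0o600,
            "public": 0o644, "known_hosts": 0o600}


def classify(name):
    if name == "config":
        return "config"
    if name == "known_hosts":
        return "known_hosts"
    if name.endswith(".pub"):
        return "public"
    return "private"      # any other regular file is treated as a private key


def check_modes(ssh_dir, fix=False):
    """Return [(path, actual_mode, expected_mode)] for every entry whose mode
    is wrong; with fix=True also chmod it to the expected mode."""
    entries = [(ssh_dir, "dir")]
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if os.path.isfile(path):
            entries.append((path, classify(name)))
    wrong = []
    for path, kind in entries:
        actual = stat.S_IMODE(os.lstat(path).st_mode)
        if actual != EXPECTED[kind]:
            wrong.append((path, actual, EXPECTED[kind]))
            if fix:
                os.chmod(path, EXPECTED[kind])
    return wrong


OPT_RE = re.compile(r"^\s*(ControlPath|IdentityFile|UserKnownHostsFile)\s+(\S+)",
                    re.IGNORECASE | re.MULTILINE)


def mount_issues(config_text, mount="~/.ssh"):
    """Options that break under a read-only bind mount of `mount`: ControlPath
    sockets cannot be created inside it, and key or known_hosts files outside
    it are not visible to the container at all (assumes only `mount` is mounted)."""
    issues = []
    for m in OPT_RE.finditer(config_text):
        opt, path = m.group(1).lower(), m.group(2)
        if opt == "controlpath" and path.startswith(mount):
            issues.append("ControlPath %s: socket would be created inside the read-only mount" % path)
        elif opt != "controlpath" and path != "/dev/null" and not path.startswith(mount):
            issues.append("%s %s: outside %s, not visible in the container" % (opt, path, mount))
    return issues


def demo():
    """Build a sloppy ~/.ssh in a temp dir, fix it, return (wrong before, wrong after)."""
    with tempfile.TemporaryDirectory() as tmp:
        ssh_dir = os.path.join(tmp, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o755)
        for name, mode in (("config", 0o644), ("tunnel_key", 0o644),
                           ("tunnel_key.pub", 0o644), ("known_hosts", 0o664)):
            path = os.path.join(ssh_dir, name)
            with open(path, "w") as fh:
                fh.write("placeholder\n")      # constructed content, not a real key
            os.chmod(path, mode)
        before = len(check_modes(ssh_dir, fix=True))
        after = len(check_modes(ssh_dir))
        return before, after


if __name__ == "__main__":
    print(demo())
    for issue in mount_issues("Host *\n  ControlPath ~/.ssh/sockets/%r@%h:%p\n"):
        print(issue)
```

Against a real directory, call `check_modes(os.path.expanduser("~/.ssh"))` first and look at the report before passing `fix=True`; `mount_issues` takes the text of `~/.ssh/config` and is deliberately conservative, so an `IdentityFile` that lives elsewhere but is mounted separately will show up and can be ignored.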
For more information about the autossh-tunnel project, see the main README.