无法使用代理服务器上的sudo获得SSH ProxyCommand的工作

Question

我试图配置我的SSH配置以实现更简单的工作流程，但是我已经在此处运行。 我有一个跳转主机，需要sudo ssh才能连接所有其他机器。

我已经想通了，如果我跑ssh -tt jumphost sudo ssh desthost，我从哪里得到我的sudo密码，我可以访问desthost

现在，当我添加ProxyCommand ssh -tt jumphost sudo ssh %h我ssh_config和运行ssh desthost然后我就得到了一个空白连接。

调试打印输出：

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 
debug1: Reading configuration data /Users/deiga/.ssh/config 
debug1: /Users/deiga/.ssh/config line 34: Applying options for desthost 
debug1: /Users/deiga/.ssh/config line 167: Applying options for * 
debug1: Reading configuration data /etc/ssh_config 
debug1: /etc/ssh_config line 20: Applying options for * 
debug1: auto-mux: Trying existing master 
debug1: Control socket "/tmp/ssh-deiga@desthost:22" does not exist 
debug2: ssh_connect: needpriv 0 
debug1: Executing proxy command: exec ssh -tt jumphost sudo ssh desthost 
debug1: identity file /Users/deiga/.ssh/id_rsa type -1 
debug1: identity file /Users/deiga/.ssh/id_rsa-cert type -1 
debug1: identity file /Users/deiga/.ssh/id_dsa type -1 
debug1: identity file /Users/deiga/.ssh/id_dsa-cert type -1 
debug1: permanently_drop_suid: 501 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_6.2 
debug1: ssh_exchange_identification: [sudo] password for deiga: 

debug1: ssh_exchange_identification: Sorry, try again. 

debug1: ssh_exchange_identification: [sudo] password for deiga: 

debug1: ssh_exchange_identification: sudo: 1 incorrect password attempt 

Answer 1

这不是如何代理指挥工作。基本的例子你应该怎么做jumphosts是这样的：

ProxyCommand ssh -W %h:%p jumphost 

它不支持在远程机器上运行sudo。但是你可以做同样的netcat的命令：

ProxyCommand ssh jumphost nc %h %p 

，并使其与您的sudo要求的工作，只需添加sudo命令：

ProxyCommand ssh jumphost sudo nc %h %p 

如果它不会帮助，请尝试诊断来自ssh的详细日志的问题（-vvv）。