我打算实施一个golang版本的ssh客户端,通过堡垒连接到目标服务器。但不幸的是,我在替换nc proxy时失败了。golang ssh replacement ssh ProxyCommand by nc
在我的本地的ssh配置:
Host bastion
HostName xxx.xxx.xxx.xxx
User ec2-user
IdentityFile ~/.ssh/xxx-bastion.pem
Host 10.0.*.*
User ec2-user
IdentityFile ~/.ssh/xxx-dest.pem
ProxyCommand ssh -q bastion "nc -w 3600 %h %p"
我golang实现是这样的:
var(
Bastion="xxx.xxx.xxx.xxx:22"
Target="xxx.xxx.xxx.xxx:22"
BastionPem ="/Users/me/.ssh/xxx-bastion.pem"
DestPem ="/Users/me/.ssh/xxx-dest.pem"
Timeout=30*time.Second
)
func BastionConfig() (*ssh.ClientConfig,error){
pemBytes, err := ioutil.ReadFile(BastionPem)
if err != nil {
log.Fatal(err)
}
signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
log.Fatalf("parse key failed:%v", err)
}
config := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{ssh.PublicKeys(signer)},
Timeout:Timeout,
}
return config,err
}
func DestConfig() (*ssh.ClientConfig,error){
pemBytes, err := ioutil.ReadFile(TargetPem)
if err != nil {
log.Fatal(err)
}
signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
log.Fatalf("parse key failed:%v", err)
}
config := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{ssh.PublicKeys(signer)},
Timeout:Timeout,
}
return config,err
}
func Connect(){
config,_:= BastionConfig()
bClient, err := ssh.Dial("tcp", Bastion, config)
if err != nil {
log.Fatal("dial bastion error:",err)
}
log.Println("dial bastion ok...")
// Dial a connection to the service host, from the bastion
conn, err := bClient.Dial("tcp", Target)
if err != nil {
log.Fatal("dial target error",err)
}
targetConfig,_:= DestConfig()
ncc, chans, reqs, err := ssh.NewClientConn(conn, Target, targetConfig)
if err != nil {
log.Fatal("new target conn error:",err)
}
log.Printf("target conn[%s] ok\n",Target)
targetClient := ssh.NewClient(ncc, chans, reqs)
if err != nil {
log.Fatalf("target ssh error:%v",err)
}
session,err:=targetClient.NewSession()
if err!=nil{
log.Fatalf("session failed:%v",err)
}
defer session.Close()
var stdoutBuf bytes.Buffer
session.Stdout = &stdoutBuf
err = session.Run("hostname")
if err != nil {
log.Fatalf("Run failed:%v", err)
}
log.Printf(">%s", stdoutBuf)
}
但我得到的堡垒服务器的主机名不是我的目标之一,没有我想引导destionation服务器的输入/输出什么的,我不知道我的代码出了什么问题,任何人都可以给我一些指导。
非常感谢。