我在我的公有子网上的 AWS 上配置了一个堡垒服务器。 我可以使用堡垒主机直接 ssh 到私有子网内的 ec2 实例。
我可以连接到堡垒主机并检查私有 ec2 实例上的 7474 端口是否打开。
nc -v -z -w 5 10.0.3.102 7474; echo $?
Connection to 10.0.3.102 7474 port [tcp/*] succeeded!
0
我想通过 ssh 隧道从本地主机(我的家用计算机)到专用网络上的 ec2 实例。
ssh -v -C -N -L 9000:PRIVATE_MDM:7474 BASTION
但我得到:
打开失败:管理禁止:打开失败
Authenticated to 52.32.240.40 ([52.32.240.40]:22).
debug1: Local connections to LOCALHOST:9000 forwarded to remote address PRIVATE_MDM:7474
debug1: Local forwarding listening on ::1 port 9000.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9000.
debug1: channel 1: new [port listener]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Connection to port 9000 forwarding to PRIVATE_MDM port 7474 requested.
debug1: channel 2: new [direct-tcpip]
debug1: Connection to port 9000 forwarding to PRIVATE_MDM port 7474 requested.
debug1: channel 3: new [direct-tcpip]
channel 2: open failed: administratively prohibited: open failed
channel 3: open failed: administratively prohibited: open failed
debug1: channel 2: free: direct-tcpip: listening port 9000 for PRIVATE_MDM port 7474, connect from 127.0.0.1 port 42685 to 127.0.0.1 port 9000, nchannels 4
debug1: channel 3: free: direct-tcpip: listening port 9000 for PRIVATE_MDM port 7474, connect from 127.0.0.1 port 42686 to 127.0.0.1 port 9000, nchannels 3
debug1: Connection to port 9000 forwarding to PRIVATE_MDM port 7474 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: administratively prohibited: open failed
debug1: channel 2: free: direct-tcpip: listening port 9000 for PRIVATE_MDM port 7474, connect from 127.0.0.1 port 42687 to 127.0.0.1 port 9000, nchannels 3
BASTIONAllowTcpForwarding编辑:现在我看到了那里的缺陷。您可以添加描述您想要实现什么目标吗?将未使用的本地端口转发到未使用的远程端口是没有意义的。您可以将远程端的现有服务转发到本地端口(然后使用
-L-R解决方案:示例中的
ncsshhostnameBASTIONPRIVATE_MDM或者您正在尝试使用 Stage 堡垒通过隧道连接到 Prod EC2。