Re: туннель SSH к удалённым хостам
Добавлено: 31 янв 2022, 20:30
Целевой хост (HP-Compaq):
Код: Выделить всё
an@HP-Compaq:~$ hostname
HP-Compaq
an@HP-Compaq:~$ uname -a
Linux HP-Compaq 5.4.0-96-generic #109-Ubuntu SMP Wed Jan 12 16:49:16 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
an@HP-Compaq:~$ ps -A | grep ssh
747 ? 00:00:00 sshd
1074 ? 00:00:00 ssh-agent
Код: Выделить всё
an@HP-Compaq:~$ ssh olej@185.200.243.3
The authenticity of host '185.200.243.3 (185.200.243.3)' can't be established.
ECDSA key fingerprint is SHA256:Zy7Qjz2Pd0ylCA6jUOGLpiY9ORdHUD9YZsuJ55epLok.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '185.200.243.3' (ECDSA) to the list of known hosts.
olej@185.200.243.3's password:
Linux 277938.local 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 31 17:37:06 2022 from 193.28.177.117
olej@277938:~$ hostname
277938.local
Код: Выделить всё
an@HP-Compaq:~$ ssh -fN -R 185.200.243.3:2222:localhost:22 olej@185.200.243.3
olej@185.200.243.3's password:
an@HP-Compaq:~$
С управляющего хоста (R420) устанавливаю SSH коннект с целевым хостом (HP-Compaq) используя транзитный хост (с белым IP 185.200.243.3 - linux-ru.ru - имя хоста 277938.local) ... и тут облом:
Код: Выделить всё
olej@R420:~$ ssh -p 2222 olej@185.200.243.3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:GAldbNLTt0x2c1YDiYxSwuacPiJ7hSu6TdfKnSlVDnc.
Please contact your system administrator.
Add correct host key in /home/olej/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/olej/.ssh/known_hosts:24
remove with:
ssh-keygen -f "/home/olej/.ssh/known_hosts" -R "[185.200.243.3]:2222"
ECDSA host key for [185.200.243.3]:2222 has changed and you have requested strict checking.
Host key verification failed.