ssh between Amazon EC2 instances with X11 forwarding
Posted: 2017-03-07 04:54:06
Question:
I have two EC2 instances in a VPC - a bastion and a development machine.
I can ssh into the bastion and run X11 applications. However, when I ssh from the bastion to the development machine, X forwarding fails:
> ssh -vX -i ~/.ssh/my_key.pem ec2-user@X.X.X.X
…
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0
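The full log is below.
The remote instance (i.e. the development machine) has the xauth package installed, and the /etc/ssh/sshd_config file (on the development machine) has the following entries: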
X11Forwarding yes
X11UseLocalhost no
Does anyone know what the problem is?
Cheers, Steve
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/ec2-user/.ssh/my_key.pem type -1
debug1: identity file /home/ec2-user/.ssh/my_key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA Y:Y:Y:Y:Y:Y:Y:Y:Y
debug1: Host 'X.X.X.X' is known and matches the ECDSA host key.
debug1: Found key in /home/ec2-user/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ec2-user/.ssh/my_key.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to X.X.X.X ([X.X.X.X]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0
Answer 1:
The solution is to set X11UseLocalhost to "yes".
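An added example, not part of the original question or answer: a check that reports the effective X11Forwarding and X11UseLocalhost values of an sshd_config-style file and where the X11 proxy listener would be bound. Per the sshd_config manual, the default (X11UseLocalhost yes) binds the forwarding server to the loopback address, while "no" binds it to the wildcard address, where other hosts can reach it. The function names effective_x11 and x11_listener_scope are hypothetical, the sample files are constructed, and only the global section before the first Match block is parsed.

```shell
#!/bin/sh
# Added example, not from the original post. Global section only: parsing
# stops at the first Match block (simplifying assumption).

# Print the effective X11 settings of an sshd_config-style file ($1).
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".
effective_x11() {
    awk '
        BEGIN { fwd = "no"; loc = "yes" }            # OpenSSH defaults
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # leading whitespace
            if (line == "" || line ~ /^#/) next      # blank line or comment
            sub(/[ \t]*=[ \t]*/, " ", line)          # Keyword=value form
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") exit                 # END still runs
            if (key == "x11forwarding"   && !sf) { fwd = val; sf = 1 }
            if (key == "x11uselocalhost" && !sl) { loc = val; sl = 1 }
        }
        END { printf "X11Forwarding=%s X11UseLocalhost=%s\n", fwd, loc }
    ' "$1"
}

# Where the X11 proxy listener would be bound for that configuration.
x11_listener_scope() {
    case "$(effective_x11 "$1")" in
        "X11Forwarding=no "*)  echo disabled ;;
        *"X11UseLocalhost=no") echo wildcard ;;
        *)                     echo loopback ;;
    esac
}

# Constructed sample files: the settings from the question and from the answer.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'X11Forwarding yes\nX11UseLocalhost no\n'  > "$tmp/question.conf"
printf 'X11Forwarding yes\nX11UseLocalhost yes\n' > "$tmp/answer.conf"

for f in "$tmp/question.conf" "$tmp/answer.conf"; do
    echo "$(basename "$f"): $(effective_x11 "$f") -> $(x11_listener_scope "$f")"
done
```

On a live host, `sshd -T` prints the effective configuration, including the Match handling that this example does not parse.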