
Trying multi-hop SSH from a Docker host into Docker containers

References

Summary of multi-hop SSH settings  
Connecting to a server three hops away with multi-hop SSH  
Keep referencing the local private key when doing multi-hop SSH  
Compose file version 3 reference  
Compose networking  

Preface

Folder layout

An ssh3 folder is prepared as well. a.sh is not used.


[oracle@centos tadan]$ rm ./share/ssh{1..3}/*pub
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   └── tmpl
│   ├── ssh2
│   │   └── tmpl
│   └── ssh3
│       └── tmpl
└── tmpl
    └── a.sh

8 directories, 4 files

Permission setup

On the Docker host:


[oracle@centos tadan]$ sudo chown -R oracle:docker share
[oracle@centos tadan]$ sudo chown -R oracle:docker tmpl
[oracle@centos tadan]$ ll
合計 20
-rw-r--r--. 1 oracle docker  531  5月 11 16:33 Dockerfile
-rw-r--r--. 1 oracle docker   58  5月 11 13:25 Makefile
-rw-r--r--. 1 oracle docker  962  5月 11 16:25 docker-compose.yml
drwxr-xr-x. 4 oracle docker 4096  5月 11 16:08 share
drwxr-xr-x. 2 oracle docker 4096  5月 11 16:19 tmpl

Dockerfile

Making the container log in as the oracle user turned permissions into a headache, so I stuck with the default root. I recall su didn't work either.


[oracle@centos tadan]$ cat D*
FROM centos:latest

# One yum transaction. The original chained separate `yum install` lines with
# backslashes but no `&&`, so the later lines were parsed as extra package names.
RUN yum install -y \
      iputils \
      net-tools \
      iproute \
      vim \
      tree \
      lsof \
      expect \
      openssh-server \
      openssh-clients

ENV TZ='Asia/Tokyo'

# Intended to match the host's oracle:docker ids so the bind-mounted ~/.ssh
# is owned by oracle inside the container as well
RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 oracle

# Lab-only password; note it ends up in the image layer history
RUN echo 'ORACLE_PWD' | passwd --stdin oracle
RUN echo 'ORACLE_PWD' | passwd --stdin root

RUN mkdir -p /home/oracle/.ssh

#USER oracle
#WORKDIR /home/oracle
# EXPOSE is documentation only; sshd actually listens on 22, which compose publishes
EXPOSE 20
# systemd as PID 1 (needs privileged: true in compose) so `systemctl status sshd` works
CMD ["/sbin/init"]

Makefile

Aliases


[oracle@centos tadan]$ cat M*
CMD=docker-compose
up:
	@$(CMD) up -d
down:
	@$(CMD) down

docker-compose.yml

Starts three containers.


[oracle@centos tadan]$ docker --version
Docker version 18.09.5, build e8ff056
[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    container_name: ssh1
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    container_name: ssh2
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh2:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
  ssh_saba3:
    image: centos_ssh
    container_name: ssh3
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh3:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.103
    ports:
      - '3:22'
networks:
  ssh_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24

a.sh

The script meant to be kicked off inside each container: it creates an SSH public/private key pair per container. Only the remnants of an attempt to automate it with the expect command are left. This time the keys are generated locally (on the Docker host).


[oracle@centos tadan]$ cat t*/a*
#!/bin/bash
# Generate an RSA key pair by answering ssh-keygen's three prompts with expect.
# PASSPHRASE is empty here, i.e. an unprotected key (acceptable for a throwaway lab).
# Assumes no ~/.ssh/id_rsa exists yet; otherwise ssh-keygen asks "Overwrite (y/n)?"
# instead, which none of the expect patterns below match.
PASSPHRASE=""
expect -c "
spawn ssh-keygen -t rsa
expect \"Enter\"             ;# Enter file in which to save the key -> accept the default
send \"\n\"
expect \"Enter\"             ;# Enter passphrase
send \"${PASSPHRASE}\n\"
expect \"Enter\"             ;# Enter same passphrase again
send \"${PASSPHRASE}\n\"
expect \"\\\$\"              ;# wait for the shell prompt once ssh-keygen has exited
exit 0
"

Building the centos_ssh image

Dockerfiles apparently have a multi-stage build feature that can shrink the image size; I saw that somewhere and tried it, but couldn't get it to work properly.


[oracle@centos tadan]$ docker build -t centos_ssh .
[oracle@centos tadan]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos_ssh          latest              43f44c1e64a5        11 seconds ago      360MB
centos              latest              9f38484d220f        8 weeks ago         202MB

Network check before starting the containers

I like networking.


[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever


[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Starting the containers

With the make command.


[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[oracle@centos tadan]$ make up
Creating network "tadan_ssh_net" with driver "bridge"
Creating ssh1 ... done
Creating ssh2 ... done
Creating ssh3 ... done
[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                       NAMES
4869f3cec966        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:1->22/tcp   ssh1
5f6b238319ff        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:2->22/tcp   ssh2
50e75a25f30f        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:3->22/tcp   ssh3

Network check after starting the containers

The docker0 interface is not in use; the containers are attached to the user-defined bridge.


[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
br-3cb3a09916e1		8000.0242011202de	no		veth3ab229f
							vetha272766
							vethc24b63c
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever
363: br-3cb3a09916e1:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:01:12:02:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br-3cb3a09916e1
       valid_lft forever preferred_lft forever
    inet6 fe80::42:1ff:fe12:2de/64 scope link 
       valid_lft forever preferred_lft forever
365: vetha272766@if364:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether c2:10:0e:d3:93:fb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::c010:eff:fed3:93fb/64 scope link 
       valid_lft forever preferred_lft forever
367: veth3ab229f@if366:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether 66:3f:98:2c:cc:97 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::643f:98ff:fe2c:cc97/64 scope link 
       valid_lft forever preferred_lft forever
369: vethc24b63c@if368:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether b6:f4:23:67:1d:3a brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::b4f4:23ff:fe67:1d3a/64 scope link 
       valid_lft forever preferred_lft forever
[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.100.0/24     0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           

Not kicking off a.sh.

This time the key is generated locally (on the Docker host).


[oracle@centos .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bxKbA6TM6rg/RG5ANOqORnL/7wP/247Mjbsnr8D7Hvg oracle@centos
The key's randomart image is:
+---[RSA 2048]----+
|.o               |
|...              |
|o     .          |
|o .o o           |
|.*. + . S        |
|=.+o  .o *       |
|.=. .  oO +      |
|.o.  .  oX.*.    |
|ooo.  .o+=EX=    |
+----[SHA256]-----+

Distributing the public key from the Docker host to each container

Distribute the public key per container.


[oracle@centos tadan]$ echo -e $(pwd)/share/ssh{1..3}\\n | xargs -I@ bash -c 'cp ~/.ssh/*pub @'
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   └── ssh3
│       ├── id_rsa.pub
│       └── tmpl
└── tmpl
    └── a.sh

8 directories, 7 files
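The command above only drops id_rsa.pub into each share/sshN directory; nothing turns it into authorized_keys, which is why every login in the sshd journal further down is an "Accepted password". The script below is an added example, not code from the original post: it installs the key into each container's bind-mounted ~/.ssh as authorized_keys with the permissions sshd's StrictModes requires, and is safe to rerun. The share/ssh{1..3} layout and the id_rsa.pub name come from the post; the function names and the constructed demo key are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): turn the copied public key into an
# authorized_keys file that sshd will actually accept. The host-side directory
# share/sshN is what each container mounts as /home/oracle/.ssh.

install_authorized_key() {
    sshdir="$1"    # host-side directory that becomes /home/oracle/.ssh in the container
    pubkey="$2"    # public key to authorise, e.g. ~/.ssh/id_rsa.pub
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"                       # sshd rejects a group/world-writable .ssh
    [ -f "$sshdir/authorized_keys" ] || : > "$sshdir/authorized_keys"
    chmod 600 "$sshdir/authorized_keys"
    # Append only when this exact key line is absent, so reruns do not duplicate it
    if ! grep -qxF -- "$(cat "$pubkey")" "$sshdir/authorized_keys"; then
        cat "$pubkey" >> "$sshdir/authorized_keys"
    fi
}

# Number of key lines in an authorized_keys file (used to confirm idempotence)
count_keys() {
    grep -c '^ssh-' "$1"
}

# True when the directory is 700 and authorized_keys is 600, as sshd expects
perms_ok() {
    [ -n "$(find "$1" -prune -perm 700)" ] &&
    [ -n "$(find "$1/authorized_keys" -prune -perm 600)" ]
}

# Demo on a constructed temporary tree so the script runs stand-alone.
# For the post's real layout run instead:
#   for i in 1 2 3; do install_authorized_key ./share/ssh$i ~/.ssh/id_rsa.pub; done
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedkey oracle@centos\n' > "$demo/id_rsa.pub"
for i in 1 2 3; do
    install_authorized_key "$demo/share/ssh$i" "$demo/id_rsa.pub"
done
install_authorized_key "$demo/share/ssh1" "$demo/id_rsa.pub"   # rerun: still one key
echo "ssh1 keys: $(count_keys "$demo/share/ssh1/authorized_keys"), perms ok: $(perms_ok "$demo/share/ssh1" && echo yes || echo no)"
rm -rf "$demo"
```

Ownership matters as much as mode: sshd also wants ~/.ssh owned by the user logging in. The Dockerfile creates oracle with uid 1000, so as long as the host's oracle user that owns share/ is also uid 1000 (an assumption), the mounted files appear owned by oracle inside the container. With the key in place, `ssh -o BatchMode=yes oracle@ssh1 true` should succeed without a password prompt; the root logins used in the post would need the same key installed under /root/.ssh.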

Checking that the sshd service is running


[oracle@centos .ssh]$ docker exec -it ssh1 /bin/bash
[root@4869f3cec966 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:07 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2344 (sshd)
   CGroup: /docker/4869f3cec966c4611962f1b02c163264d8e292c8df4a3b320b8e8b08fbb86d35/system.slice/sshd.service
           └─2344 /usr/sbin/sshd -D
           ‣ 2344 /usr/sbin/sshd -D

May 11 18:27:07 4869f3cec966 systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:07 4869f3cec966 sshd[2344]: Server listening on 0.0.0.0 port 22.
May 11 18:27:07 4869f3cec966 sshd[2344]: Server listening on :: port 22.
May 11 18:27:07 4869f3cec966 systemd[1]: Started OpenSSH server daemon.
May 11 21:57:48 4869f3cec966 sshd[5431]: Accepted password for root from 192.168.100.1 port 33038 ssh2
May 11 21:57:55 4869f3cec966 sshd[5448]: Connection closed by 192.168.100.1 port 33044 [preauth]
May 12 07:22:11 4869f3cec966 sshd[5454]: Accepted password for root from 192.168.100.1 port 42396 ssh2
May 12 07:23:04 4869f3cec966 sshd[5471]: Accepted password for root from 192.168.100.1 port 42410 ssh2
[root@4869f3cec966 /]# exit
[oracle@centos .ssh]$ docker exec -it ssh2 /bin/bash
[root@5f6b238319ff /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:07 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1866 (sshd)
   CGroup: /docker/5f6b238319ff35260f1385261064b6f67562554c668cf4f009682acf20202b54/system.slice/sshd.service
           └─1866 /usr/sbin/sshd -D
           ‣ 1866 /usr/sbin/sshd -D

May 11 18:27:07 5f6b238319ff systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:07 5f6b238319ff sshd[1866]: Server listening on 0.0.0.0 port 22.
May 11 18:27:07 5f6b238319ff sshd[1866]: Server listening on :: port 22.
May 11 18:27:07 5f6b238319ff systemd[1]: Started OpenSSH server daemon.
May 11 21:51:32 5f6b238319ff sshd[5402]: Accepted password for root from 192.168.100.1 port 46484 ssh2
May 11 22:09:56 5f6b238319ff sshd[5419]: Accepted password for oracle from 192.168.100.1 port 47334 ssh2
May 11 22:16:08 5f6b238319ff sshd[5422]: Accepted password for oracle from 192.168.100.1 port 47626 ssh2
May 11 22:17:21 5f6b238319ff sshd[5425]: Accepted password for oracle from 192.168.100.1 port 47646 ssh2
May 11 22:17:53 5f6b238319ff sshd[5428]: Accepted password for oracle from 192.168.100.1 port 47660 ssh2
[root@5f6b238319ff /]# exit
[oracle@centos .ssh]$ docker exec -it ssh3 /bin/bash
[root@50e75a25f30f /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:06 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1884 (sshd)
   CGroup: /docker/50e75a25f30f6af7dd199924be5505094f35b0550ee87113f252fea2f5815194/system.slice/sshd.service
           └─1884 /usr/sbin/sshd -D
           ‣ 1884 /usr/sbin/sshd -D

May 11 18:27:06 50e75a25f30f systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:06 50e75a25f30f sshd[1884]: Server listening on 0.0.0.0 port 22.
May 11 18:27:06 50e75a25f30f sshd[1884]: Server listening on :: port 22.
May 11 18:27:06 50e75a25f30f systemd[1]: Started OpenSSH server daemon.
May 11 21:48:59 50e75a25f30f sshd[8002]: Accepted password for root from 192.168.100.1 port 59862 ssh2
May 11 21:54:55 50e75a25f30f sshd[8020]: Connection closed by 192.168.100.1 port 60144 [preauth]
May 11 22:10:02 50e75a25f30f sshd[8022]: Accepted password for root from 192.168.100.102 port 50252 ssh2
May 11 22:16:23 50e75a25f30f sshd[8040]: Accepted password for root from 192.168.100.102 port 50542 ssh2
May 11 22:17:28 50e75a25f30f sshd[8073]: Accepted password for oracle from 192.168.100.102 port 50568 ssh2
May 11 22:17:58 50e75a25f30f sshd[8095]: Accepted password for root from 192.168.100.102 port 50576 ssh2

This way is easier. Don't pass the -it option.


[oracle@centos tadan]$ seq 3 | xargs -I@ bash -c 'docker exec ssh@ systemctl status sshd'
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2015 (sshd)
   CGroup: /docker/638ccb67f9caf21a7ad35524eb9c3b09950ca17f7cda1d8f5ee33ad0537d7078/system.slice/sshd.service
           └─2015 /usr/sbin/sshd -D
           ‣ 2015 /usr/sbin/sshd -D

May 12 17:20:27 638ccb67f9ca systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 638ccb67f9ca sshd[2015]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 638ccb67f9ca sshd[2015]: Server listening on :: port 22.
May 12 17:20:27 638ccb67f9ca systemd[1]: Started OpenSSH server daemon.
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1991 (sshd)
   CGroup: /docker/f62321332bb2fc8952c5de347678c9c362fec317c7316670b61c87e9397ef99c/system.slice/sshd.service
           └─1991 /usr/sbin/sshd -D
           ‣ 1991 /usr/sbin/sshd -D

May 12 17:20:27 f62321332bb2 systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 f62321332bb2 sshd[1991]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 f62321332bb2 sshd[1991]: Server listening on :: port 22.
May 12 17:20:27 f62321332bb2 systemd[1]: Started OpenSSH server daemon.
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1405 (sshd)
   CGroup: /docker/cb4b615a81692c9bb1d2283d49cb84d24ecae03b69210e08724255afca9f03b5/system.slice/sshd.service
           └─1405 /usr/sbin/sshd -D
           ‣ 1405 /usr/sbin/sshd -D

May 12 17:20:27 cb4b615a8169 systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 cb4b615a8169 sshd[1405]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 cb4b615a8169 sshd[1405]: Server listening on :: port 22.
May 12 17:20:27 cb4b615a8169 systemd[1]: Started OpenSSH server daemon.
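Reading three copies of `systemctl status sshd` for the interesting lines is tedious. The script below is an added example, not from the post: it summarises sshd's "Accepted" journal lines by authentication method, user and source address, which makes the point of the logs above visible at a glance: every hop is still authenticating with passwords, mostly as root. The sample lines are copied from the ssh3 container's output above; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): summarise sshd "Accepted" lines
# as "METHOD USER SRC COUNT" so password-vs-publickey and root logins stand out.

summarize_auth() {
    # reads sshd log lines on stdin, prints one line per method/user/source combination
    awk '
        /sshd\[[0-9]+\]: Accepted / {
            # ... sshd[PID]: Accepted METHOD for USER from SRC port N ssh2
            for (i = 1; i <= NF; i++) if ($i == "Accepted") break
            key = $(i+1) " " $(i+3) " " $(i+5)
            count[key]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Number of password logins as root in the input (the figure worth driving to zero)
root_password_logins() {
    summarize_auth | awk '$1 == "password" && $2 == "root" { n += $4 } END { print n + 0 }'
}

# Sample input copied from the ssh3 container's journal shown in the post
SAMPLE_LOG='May 11 21:48:59 50e75a25f30f sshd[8002]: Accepted password for root from 192.168.100.1 port 59862 ssh2
May 11 21:54:55 50e75a25f30f sshd[8020]: Connection closed by 192.168.100.1 port 60144 [preauth]
May 11 22:10:02 50e75a25f30f sshd[8022]: Accepted password for root from 192.168.100.102 port 50252 ssh2
May 11 22:16:23 50e75a25f30f sshd[8040]: Accepted password for root from 192.168.100.102 port 50542 ssh2
May 11 22:17:28 50e75a25f30f sshd[8073]: Accepted password for oracle from 192.168.100.102 port 50568 ssh2
May 11 22:17:58 50e75a25f30f sshd[8095]: Accepted password for root from 192.168.100.102 port 50576 ssh2'

printf '%s\n' "$SAMPLE_LOG" | summarize_auth
echo "root password logins: $(printf '%s\n' "$SAMPLE_LOG" | root_password_logins)"
```

Against the running containers the same function can read the journal directly, since they boot systemd: `docker exec ssh3 journalctl -u sshd --no-pager | summarize_auth`. Once an authorized_keys file is in place the method column should change from password to publickey, and the source column shows which hop each login came through (192.168.100.1 is the Docker host on the bridge, 192.168.100.102 is ssh2).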

Check whether SSH from the Docker host can reach the ssh3 container, editing the config file one hop at a time.

Up to ssh1

It worked.


[oracle@centos .ssh]$ pwd
/home/oracle/.ssh
[oracle@centos .ssh]$ whoami
oracle
[oracle@centos .ssh]$ ip a show eth0
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[oracle@centos .ssh]$ cat c*
#Host ssh3
#  Hostname 192.168.100.103
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.102
#Host ssh2
#  Hostname 192.168.100.102
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh1
root@192.168.100.101's password: 
Last login: Sat May 11 22:23:04 2019 from gateway
[root@4869f3cec966 ~]# whoami
root
[root@4869f3cec966 ~]# ip a show eth0
368: eth0@if369:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@4869f3cec966 ~]# logout
Connection to 192.168.100.101 closed.
[oracle@centos .ssh]$ ssh oracle@ssh1
oracle@192.168.100.101's password: 
[oracle@4869f3cec966 ~]$ whoami
oracle
[oracle@4869f3cec966 ~]$ ip a show eth0
368: eth0@if369:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@4869f3cec966 ~]$ logout
Connection to 192.168.100.101 closed.



[oracle@centos .ssh]$ ssh ssh2
ssh: Could not resolve hostname ssh2: Name or service not known
[oracle@centos .ssh]$ ssh ssh3
ssh: Could not resolve hostname ssh3: Name or service not known

Up to ssh2

It worked.


[oracle@centos .ssh]$ cat c*
#Host ssh3
#  Hostname 192.168.100.103
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh2
oracle@192.168.100.101's password: 
root@192.168.100.102's password: 
Last login: Sat May 11 12:51:32 2019 from gateway
[root@5f6b238319ff ~]# whoami
root
[root@5f6b238319ff ~]# ip a show eth0
366: eth0@if367:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever


[root@5f6b238319ff ~]# logout
Connection to 192.168.100.102 closed.
Killed by signal 1.
[oracle@centos .ssh]$ ssh oracle@ssh2
oracle@192.168.100.101's password: 
oracle@192.168.100.102's password: 
Permission denied, please try again.
oracle@192.168.100.102's password: 
Last failed login: Sat May 11 22:48:43 UTC 2019 from ssh1.tadan_ssh_net on ssh:notty
There was 1 failed login attempt since the last successful login.
[oracle@5f6b238319ff ~]$ whoami
oracle
[oracle@5f6b238319ff ~]$ ip a show eth0
366: eth0@if367:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@5f6b238319ff ~]$ logout
Connection to 192.168.100.102 closed.
Killed by signal 1.
[oracle@centos .ssh]$ ssh ssh3
ssh: Could not resolve hostname ssh3: Name or service not known

Up to ssh3

It worked.


[oracle@centos .ssh]$ cat c*
Host ssh3
  Hostname 192.168.100.103
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh3
oracle@192.168.100.102's password: 
root@192.168.100.103's password: 
Last login: Sat May 11 13:17:58 2019 from ssh2.tadan_ssh_net
[root@50e75a25f30f ~]# whoami
root
[root@50e75a25f30f ~]# ip a show eth0
364: eth0@if365:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.103/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@50e75a25f30f ~]# logout
Connection to 192.168.100.103 closed.
Killed by signal 1.


[oracle@centos .ssh]$ ssh oracle@ssh3
oracle@192.168.100.102's password: 
oracle@192.168.100.103's password: 
Last login: Sat May 11 13:17:28 2019 from ssh2.tadan_ssh_net
[oracle@50e75a25f30f ~]$ whoami
oracle
[oracle@50e75a25f30f ~]$ ip a show eth0
364: eth0@if365:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.103/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@50e75a25f30f ~]$ logout
Connection to 192.168.100.103 closed.
Killed by signal 1.
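One detail in the transcripts above is worth noticing: `ssh ssh2` first asks for oracle@192.168.100.101's password even though the ssh1 stanza says `User root`. That is because `ProxyCommand ssh -W %h:%p 192.168.100.101` names the hop by IP, which matches no Host stanza, so the proxy leg runs with the local username and no IdentityFile. Naming the previous hop by its alias instead makes its own User and IdentityFile apply to that leg too. The generator below is an added example, not the post's config: it emits the chained config for any number of hops in that style, and can emit the equivalent `ProxyJump` form (OpenSSH 7.3 and later). The addresses are the post's; the function, its alias=address argument format and the SSH_CHAIN_* variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): emit a chained ~/.ssh/config for
# N hops, each hop proxied through the previous one by alias. Because every
# `ssh -W` leg is executed on the Docker host, the private key is only ever
# read locally, which is what the referenced "keep using the local key" setup wants.

gen_chain_config() {
    user="${SSH_CHAIN_USER:-root}"          # the post logs in as root on every hop
    key="${SSH_CHAIN_KEY:-~/.ssh/id_rsa}"   # literal ~ is fine: ssh expands it itself
    prev=""
    for pair in "$@"; do                    # arguments: alias=address, in hop order
        name="${pair%%=*}"
        addr="${pair#*=}"
        printf 'Host %s\n' "$name"
        printf '  Hostname %s\n' "$addr"
        printf '  Port 22\n'
        printf '  IdentityFile %s\n' "$key"
        printf '  User %s\n' "$user"
        if [ -n "$prev" ]; then
            if [ "${SSH_CHAIN_STYLE:-proxycommand}" = "jump" ]; then
                printf '  ProxyJump %s\n' "$prev"       # OpenSSH 7.3+ shorthand for ssh -W
            else
                # %% escapes printf's own %, leaving ssh's %h:%p tokens intact;
                # the alias (not the IP) makes the previous stanza apply to this leg
                printf '  ProxyCommand ssh -W %%h:%%p %s\n' "$prev"
            fi
        fi
        prev="$name"
    done
}

# The three-hop lab from the post
gen_chain_config ssh1=192.168.100.101 ssh2=192.168.100.102 ssh3=192.168.100.103
```

Write the output to ~/.ssh/config (or `Include` it) and verify without connecting: `ssh -G ssh3 | grep -i proxycommand` prints the effective ProxyCommand, so a misplaced stanza shows up before any password prompt does. With the alias form and the authorized_keys files installed on each hop, the whole chain can be exercised non-interactively with `ssh -o BatchMode=yes ssh3 hostname`.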

Afterword

This was good practice for multi-hop SSH. I'd like to make the prompt colors and container names a bit fancier. That's all, thank you.
