1. administratively prohibited: open failed

   After opening an SSH tunnel, this error appeared:

   ```
   [[email protected] ~]# ssh [email protected] -D 0.0.0.0:9999
   channel 2: open failed: administratively prohibited: open failed
   channel 3: open failed: administratively prohibited: open failed
   channel 4: open failed: administratively prohibited: open failed
   channel 5: open failed: administratively prohibited: open failed
   channel 4: open failed: administratively prohibited: open failed
   channel 5: open failed: administratively prohibited: open failed
   channel 4: open failed: administratively prohibited: open failed
   channel 5: open failed: administratively prohibited: open failed
   channel 16: open failed: administratively prohibited: open failed
   channel 17: open failed: administratively prohibited: open failed
   ```

   Check the error log:

   ```
   [[email protected]]# tailf /var/log/secure
   Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
   Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
   Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
   Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
   Jul 28 21:15:48 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
   ```

   Well, the domain name was mistyped, so of course it could not be reached. It should be `drive.google.com`.

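2. Access an internal machine through a jump host

   ```
   [[email protected]]# ssh username@target-machine-ip -p 22 -o ProxyCommand='ssh -p 22 username@jump-host-ip -W %h:%p'
   ```

   - [Using ssh to connect directly through a jump host to servers on the jump host's internal network](https://outmanzzq.github.io/2018/11/20/ssh-connect-through-springboard/)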

3. Transfer files through a jump host (tunnel)

   ```
   [[email protected]]# ssh -L 1234:<address of R known to G>:22 <user at G>@<address of G>
   [[email protected]]# echo "Please open another terminal"
   [[email protected]]# scp -P 1234 <user at R>@127.0.0.1:/path/to/file file-name-to-be-copied
   ```

   - [scp via ssh tunnel](http://whoochee.blogspot.com/2012/07/scp-via-ssh-tunnel.html)

4. ssh reverse proxy options explained

   ```
   [[email protected]]# ssh -qngfNTR xxxx
   ```

   - `-q`: quiet mode
   - `-n`: Redirects stdin from /dev/null
   - `-g`: Allows remote hosts to connect to local forwarded ports.
   - `-f`: run in the background
   - `-N`: Do not execute a remote command.
   - `-T`: Disable pseudo-terminal allocation.
   - `-R`: reverse proxy (remote port forwarding)
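
For the troubleshooting in item 1: the following is an added example, not part of the original notes, that groups sshd `connect_to` errors read from stdin by sshd PID, forward target and reason, so a mistyped target stands out behind the client's generic `administratively prohibited` message. The sample log is constructed from the lines in item 1; the function names, the second PID and host, and the `Accepted` line are assumptions.

```shell
#!/bin/sh
# Added example: summarize failed forward targets from sshd log lines.

# Constructed sample input, modelled on the /var/log/secure lines in item 1.
sample_log() {
cat <<'EOF'
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:16:02 bwg sshd[6001]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2
Jul 28 21:16:05 bwg sshd[6001]: error: connect_to intranet.example.invalid: unknown host (Name or service not known)
EOF
}

# Reads sshd log lines on stdin and prints one tab-separated row per
# (PID, target, reason): COUNT <TAB> PID <TAB> TARGET <TAB> REASON,
# most frequent first. Lines without a connect_to error are ignored.
summarize_forward_failures() {
  awk '
    / sshd\[[0-9]+\]: error: connect_to / {
      # Fields: Mon DD HH:MM:SS host sshd[PID]: error: connect_to TARGET: REASON...
      pid = $5
      gsub(/[^0-9]/, "", pid)          # "sshd[5158]:" -> "5158"
      target = $8
      sub(/:$/, "", target)            # drop the trailing colon
      reason = ""
      for (i = 9; i <= NF; i++) reason = reason (i > 9 ? " " : "") $i
      count[pid "\t" target "\t" reason]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
  ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample; on a server, feed the real log:
#   summarize_forward_failures < /var/log/secure
sample_log | summarize_forward_failures
```
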