1. administratively prohibited: open failed
I opened a tunnel with SSH and then ran into this error:
```
[[email protected] ~]# ssh [email protected] -D 0.0.0.0:9999
channel 2: open failed: administratively prohibited: open failed
channel 3: open failed: administratively prohibited: open failed
channel 4: open failed: administratively prohibited: open failed
channel 5: open failed: administratively prohibited: open failed
channel 4: open failed: administratively prohibited: open failed
channel 5: open failed: administratively prohibited: open failed
channel 4: open failed: administratively prohibited: open failed
channel 5: open failed: administratively prohibited: open failed
channel 16: open failed: administratively prohibited: open failed
channel 17: open failed: administratively prohibited: open failed
```
Take a look at the error log:
```
[[email protected]]# tailf /var/log/secure
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:48 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
```
The domain name was mistyped, so of course it could not be reached; it should be `drive.google.com`.
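To see at a glance which forwarded targets the server failed to reach, the `connect_to` errors in the sshd log can be grouped by target and reason. This is an added example, not part of the original notes; the function names are hypothetical, the last two sample lines are constructed, and the log format is assumed to match the lines shown above.

```shell
#!/usr/bin/env bash
# Added example: group sshd "connect_to" errors by forward target and reason.

# Constructed sample input. The first five lines repeat the log shown above;
# the last two (intranet.example and the session line) are made up.
sample_log() {
    cat <<'EOF'
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:46 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:47 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:48 bwg sshd[5158]: error: connect_to driver.google.com: unknown host (Name or service not known)
Jul 28 21:15:50 bwg sshd[5158]: error: connect_to intranet.example: unknown host (Name or service not known)
Jul 28 21:15:51 bwg sshd[5158]: pam_unix(sshd:session): session closed for user root
EOF
}

# Reads log text on stdin and prints "count<TAB>target<TAB>reason",
# most frequent first. Lines that are not connect_to errors are ignored.
summarize_forward_failures() {
    awk '
        /sshd\[[0-9]+\]: error: connect_to / {
            msg = $0
            sub(/^.*error: connect_to /, "", msg)   # keep "target: reason"
            cut = index(msg, ": ")                  # first colon-space splits them
            if (cut == 0) next
            target = substr(msg, 1, cut - 1)
            reason = substr(msg, cut + 2)
            seen[target "\t" reason]++
        }
        END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | sort -rn
}

# Demo on the embedded sample; on a real host, feed /var/log/secure instead.
sample_log | summarize_forward_failures
```

A target that appears here with "unknown host" points to a typo or a DNS problem on the server side rather than to a forwarding policy.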
2. Accessing internal machines through a jump host
```
[[email protected]]# ssh username@<target-machine-ip> -p 22 -o ProxyCommand='ssh -p 22 username@<jump-host-ip> -W %h:%p'
```
- [Connecting directly to servers on the jump host's internal network via SSH](https://outmanzzq.github.io/2018/11/20/ssh-connect-through-springboard/)
3. Transferring files through a jump host (tunnel)
```
[[email protected]]# ssh -L 1234:<address of R known to G>:22 <user at G>@<address of G>
[[email protected]]# echo "Now open another terminal"
[[email protected]]# scp -P 1234 <user at R>@127.0.0.1:/path/to/file file-name-to-be-copied
```
- [scp via ssh tunnel](http://whoochee.blogspot.com/2012/07/scp-via-ssh-tunnel.html)
4. SSH reverse proxy options explained
```
[[email protected]]# ssh -qngfNTR xxxx
```
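- q: Quiet mode.
- n: Redirects stdin from /dev/null.
- g: Allows remote hosts to connect to local forwarded ports. This affects `-L` and `-D` listeners; for `-R`, the bind address on the server is governed by the server's `GatewayPorts` setting.
- f: Run in the background.
- N: Do not execute a remote command.
- T: Disable pseudo-terminal allocation.
- R: Reverse proxy (remote port forwarding).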