我有一些测试服务器在 Openstack 上的堡垒后面运行。测试堆栈经常被删除和创建。创建堆栈后,我运行一组 Ansible 脚本来安装和配置服务器。我的过程几乎完全自动化,但是ssh-keyscan当远程主机在堡垒主机后面时,我似乎无法开始工作。
这就是我在我的 ~/.ssh/config
Host bastion
HostName 1.2.3.4
User myuser
IdentityFile ~/.ssh/private_key.pem
Host remote-host1
HostName 192.168.0.123
User myuser
IdentityFile ~/.ssh/private_key.pem
ProxyCommand ssh -W %h:%p bastion
如果我尝试跑步,ssh-keyscan remote-host1我会得到
getaddrinfo remote-host1: Name or service not known
运行ssh remote-host1有效,但会提示
The authenticity of host '192.168.0.123 (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
我试图避免。
我知道有一个 SSH 选项-o StrictHostKeyChecking=no,可以使用ssh_args …