Docker SSH转发-绑定：地址不可用

Question

我有一个Docker容器，我希望它可以通过SSH隧道与数据库进行交互。

我的Docker映像基于高山映像构建，并且在Dockerfile中我安装了openssh-client并公开了端口27017

当我启动Docker映像并尝试使用以下命令转发端口时：

ssh -i /.ssh/ssh_key user@remote_ip -L 27017:localhost:27017 -Nf

我收到一个错误：

bind: Address not available

ssh到远程服务器不是问题，但是我无法转发端口。

谢谢

Answer 1

我设法使用这个入口点从 docker-compose 创建一个 ssh 隧道：

ssh -4 -i /.ssh/ssh_key -NL *:27017:0.0.0.0:27017 user@remote_ip

然后我能够通过使用由 docker-compose 创建的网络来使用来自另一个容器的 ssh 隧道

docker run --network=tunnel_default image nmap -p 27027 service_name

tunnel_default 是网络的名称

image是nmap安装的 docker 映像（它允许您检查打开的端口）

service_name 是我给 docker-compose 中的服务起的名字

Answer 2

如果您没有指定要使用的接口，您可以获得“绑定地址不可用”。默认情况下，它将使用所有这些，包括 IPV6。就我而言，它绑定在 IPV4 上，但“地址不可用”实际上是针对 IPV6，例如bind [::1]:2001: Address not available. 如果您使用该-4选项，这将仅使用 IPV4，如果您收到 IPV6 类型错误，那么这将为您解决这个问题，这是我在 Arch Linux 上的解决方案。

-4 强制 ssh 仅使用 IPv4 地址。

-D [bind_address:] 端口

   Specifies a local “dynamic” application-level port forwarding.  This works by allocating a
    socket to listen to port on the local side, optionally bound to the specified
    bind_address.  Whenever a connection is made to this port, the connection is forwarded
    over the secure channel, and the application protocol is then used to determine where to
    connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols are sup?
    ported, and ssh will act as a SOCKS server.  Only root can forward privileged ports.
    Dynamic port forwardings can also be specified in the configuration file.

   IPv6 addresses can be specified by enclosing the address in square brackets.  Only the
    superuser can forward privileged ports.  By default, the local port is bound in accordance
    with the GatewayPorts setting.  However, an explicit bind_address may be used to bind the
    connection to a specific address.  The bind_address of “localhost” indicates that the lis?
    tening port be bound for local use only, while an empty address or ‘*’ indicates that the
    port should be available from all interfaces.