SSH connection fails with "AAAA: No permission to execute the command"
Symptom
Kylin OS:
```
[root@kingbasestandby ~]# cat /etc/os-release
NAME="Kylin Linux Advanced Server"
VERSION="V10 (Lance)"
ID="kylin"
VERSION_ID="V10"
PRETTY_NAME="Kylin Linux Advanced Server V10 (Lance)"
ANSI_COLOR="0;31"
```
Running ssh directly fails, but running it under strace does not:
```
[root@kingbasestandby ~]# ssh kingbasemaster -vvv
AAAA: No permission to execute the command
^C
[root@kingbasemaster ~]# ssh
AAAA: No permission to execute the command
^C
[root@kingbasemaster ~]#
[root@kingbasemaster ~]#
[root@kingbasemaster ~]# strace -o /tmp/output.txt -T -tt -e trace=all ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]
[root@kingbasemaster ~]#
```
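Cause
After investigating for a long time, I found that the problem was not with the host. In the end I asked the customer and learned that the bastion host was intercepting the command.
SSH between hosts on the internal network is restricted: as soon as the bastion host sees an ssh command it intercepts it, so the command is never entered on the remote machine.
SSH directly between hosts bypasses bastion-host operations, which is a security risk and cannot be audited.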