Ssh: connecting Fabric through a gateway using a key from the gateway


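I need to connect to an EC2 instance through a gateway machine. The key file is stored on the gateway machine. The following ssh command connects me: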

ssh -t gateway ssh ec2
However, in my file, I have the following settings:

env.hosts = ['ec2.<snip>.compute.amazonaws.com']
env.gateway = 'gateway'
Here is the fabric and paramiko debug output:

local> fab --show=debug uname
Using fabfile '/home/matt/.../fabfile.py'
Commands to run: uname
Parallel tasks now using pool size of 1
[ec2-.compute.amazonaws.com] Executing task 'uname'
[ec2-.compute.amazonaws.com] run: /bin/bash -l -c "uname -a"
Creating new gateway connection to 'gateway'
DEBUG:paramiko.transport:starting thread (client mode): 0xb6e50dd0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH agent key e35b78f<snip>80bff41ce73484
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:starting thread (client mode): 0xb6eacf10L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.2)
DEBUG:paramiko.transport:kex algos:[u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for ec2-.compute.amazonaws.com: 4fb53<snip>8579c5f
DEBUG:paramiko.transport:Trying SSH agent key e35b78f1<snip>484
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key e35b78<snip>484 in /home/matt/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
[ec2-.compute.amazonaws.com] Login password for 'user':

It looks like paramiko is trying to use the key file on my local machine. How can I make fabric use the key file on the gateway machine?

Test whether you can connect to the EC2 instance using the gateway:

If that works, you can configure ~/.ssh/config with the following:

Host ec2
    HostName X.X.X.X 
    ProxyJump user@gateway:22
    User matt
Host X.X.X.*
    ProxyJump user@gateway:22
Then in fabric use ec2 as the host, in case you have multiple inst
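
The debug output in the question can be read hop by hop to see which keys were offered to the gateway and which to the EC2 host. The following is an added example, not code from the original post or from Fabric/paramiko; the function name `summarize_hops` and the abridged sample log with `<FINGERPRINT>` placeholders are constructed for illustration.

```python
import re

# Constructed sample: abridged from the debug output in the question, with
# key fingerprints replaced by an obvious placeholder.
SAMPLE_LOG = """\
Creating new gateway connection to 'gateway'
DEBUG:paramiko.transport:starting thread (client mode): 0xb6e50dd0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:Trying SSH agent key <FINGERPRINT>
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:starting thread (client mode): 0xb6eacf10L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.2)
DEBUG:paramiko.transport:Trying SSH agent key <FINGERPRINT>
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key <FINGERPRINT> in /home/matt/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
"""

START = re.compile(r"paramiko\.transport:starting thread")
BANNER = re.compile(r"Connected \(version [\d.]+, client (\S+)\)")
TRY = re.compile(r"Trying (SSH agent|discovered) key \S+(?: in (\S+))?")
AUTH = re.compile(r"Authentication \((\w+)\) (successful|failed)")

def summarize_hops(log_text):
    """Split a paramiko debug log into one record per transport (hop)."""
    hops = []
    for line in log_text.splitlines():
        if START.search(line):
            hops.append({"remote": None, "offered": [], "authenticated": False})
            continue
        if not hops:
            continue  # lines before the first transport (Fabric's own output)
        hop = hops[-1]
        if (m := BANNER.search(line)):
            hop["remote"] = m.group(1)
        elif (m := TRY.search(line)):
            # Record where the offered key came from: the agent or a local file.
            hop["offered"].append(m.group(2) or "ssh-agent")
        elif (m := AUTH.search(line)) and m.group(2) == "successful":
            hop["authenticated"] = True
    return hops

if __name__ == "__main__":
    for i, hop in enumerate(summarize_hops(SAMPLE_LOG), 1):
        print(i, hop["remote"], hop["offered"], "OK" if hop["authenticated"] else "FAILED")
```

On the constructed sample, hop 2 lists only the local agent key and the local key file as offered, which matches the question's reading of the log.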