Я нахожусь на машине с Windows 10 Pro и пытаюсь подключиться к экземпляру RDS SQL Server путем перенаправления портов через экземпляр EC2 бастиона. Я использую клиент OpenSSH на своем компьютере с Windows.
SSH-соединение устанавливается следующим образом:
ssh -v -L 1445:sqlserver-web-live.cwhhkwmtzf66.ap-southeast-2.rds.amazonaws.com:1433 ec2-user@ec2-53-63-168-176.ap-southeast-2.compute.amazonaws.com -i 'D:\temp\keypair_bastian.pem'
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to ec2-53-63-168-176.ap-southeast-2.compute.amazonaws.com [53.63.168.176] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file D:\\temp\\keypair_bastian.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file D:\\temp\\keypair_bastian.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-53-63-168-176.ap-southeast-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:5AAuuWRRfbrdc0k9t9F5Rm7kxio9rIOa1f3tkb6hNj9
debug1: Host 'ec2-53-63-168-176.ap-southeast-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\cbp/.ssh/known_hosts:4
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: D:\\temp\\keypair_bastian.pem
debug1: Authentication succeeded (publickey).
Authenticated to ec2-53-63-168-176.ap-southeast-2.compute.amazonaws.com ([53.63.168.176]:22).
debug1: Local connections to LOCALHOST:1445 forwarded to remote address sqlserver-web-live.cwhhkwmtzf66.ap-southeast-2.rds.amazonaws.com:1433
debug1: Local forwarding listening on ::1 port 1445.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1445.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
1 package(s) needed for security, out of 7 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-32-36-113 ~]$
С бастиона я могу подключиться к экземпляру RDS через Telnet:
[ec2-user@ip-10-32-36-113 ~]$ telnet sqlserver-web-live.cwhhkwmtzf66.ap-southeast-2.rds.amazonaws.com 1433
Trying 10.32.53.7...
Connected to sqlserver-web-live.cwhhkwmtzf66.ap-southeast-2.rds.amazonaws.com.
Escape character is '^]'.
Итак, теперь на моем локальном компьютере с Windows я открываю клиент telnet Windows и пытаюсь подключиться к localhost: 1445. Тем временем на бастионе он замечает соединение и, похоже, правильно перенаправляет его на экземпляр RDS:
debug1: Connection to port 1445 forwarding to sqlserver-web-live.cwhhkwmtzf66.ap-southeast-2.rds.amazonaws.com port 1433 requested.
debug1: channel 3: new [direct-tcpip]
Однако время ожидания клиента telnet истекает при подключении. Точно так же, если я попытаюсь подключиться к localhost: 1445 через Sql Server Management Studio (с указанным именем пользователя и паролем) - соединение никогда не устанавливается и в конечном итоге истекает.
Что могло пойти не так?