问题描述
我需要一个从运行 Windows 10 的本地计算机到 AWS EC2 主机的 ssh 隧道,以便通过 Java Mission Control 监控 java 进程。为此,我遵循了无数指南,例如http://issamben.com/how-to-monitor-remote-jvm-over-ssh/。我使用的参数是所有这些指南的组合。主机上的 Java 进程使用以下 jvm 参数在 Java 8 上运行:
-XX:+UnlockCommercialFeatures
-XX:+FlightRecorder
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=9405
-Djava.rmi.server.hostname=10.0.1.1
-Dcom.sun.management.jmxremote.rmi.port=9415
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
我检查进程是否真的在监听 JMX 端口
nc -z localhost 9405
告诉我
Connection to localhost 9405 port [tcp/*] succeeded!
到目前为止一切顺利。现在让我们进入隧道。我正在使用 JMC 的测试连接功能来检查隧道是否正常工作:
以下命令用于建立隧道:
ssh -l ec2-user -i .\ec2key.pem 46.123.23.231 -v -N -L localhost:9405:10.0.1.2:9405
46.123.23.231 自然是 EC2 实例的公共 IP。 10.0.1.2 是我的 VPC 中 EC2 实例的内部 IP。我可以通过 ssh 成功连接到实例,仅使用“-v”之前的命令的第一部分,或者如果我只是省略“-N”。所以我的安全组似乎根据需要进行了配置。
让我给你看看 ssh 的输出:
debug1: Reading configuration data C:\\Users\\User/.ssh/config
debug1: Connecting to 46.123.23.231 [46.123.23.231] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file .\\ec2key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file .\\ec2key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0,remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 46.123.23.231:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fkfgiekugo2iskelgioxq9itlkcs/KVISmiofjsaFSADf
debug1: Host '46.123.23.231' is kNown and matches the ECDSA host key.
debug1: Found key in C:\\Users\\User/.ssh/kNown_hosts:7
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .\\ec2key.pem
debug1: Authentication succeeded (publickey).
Authenticated to 46.123.23.231 ([46.123.23.231]:22).
debug1: Local connections to localhost:9405 forwarded to remote address 10.0.1.2:9405
debug1: Local forwarding listening on ::1 port 9405.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9405.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
点击 JMC 中的测试连接按钮产生:
debug1: Connection to port 9405 forwarding to 10.0.1.2 port 9405 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9405 for 10.0.1.2 port 9405,connect from 127.0.0.1 port 53929 to 127.0.0.1 port 9405,nchannels 3
debug1: Connection to port 9405 forwarding to 10.0.1.2 port 9405 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9405 for 10.0.1.2 port 9405,connect from 127.0.0.1 port 53931 to 127.0.0.1 port 9405,connect from 127.0.0.1 port 53934 to 127.0.0.1 port 9405,nchannels 3
并且 JMC 告诉我“无法连接”而没有任何特定的错误消息。我在主机上配置了 ssh-daemon
AllowTcpForwarding yes
我还尝试使用自定义 JMX 服务 URL:
service:jmx:rmi://localhost:9415/jndi/rmi://localhost:9405/jmxrmi
我错过了什么?
编辑:一些网站建议 jmc 使用的连接会打开一些随机端口,这就是它不能通过 frirewalls 使用的原因。所以我试图模仿这里建议的开箱即用的管理:https://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html。
所以也很成功。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)