Problem

The server cannot be logged into over ssh; the following errors appear.

From the ssh client:

$ ssh -vvv root@10.131.12.10
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.131.12.10 port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
ssh_exchange_identification: read: Connection reset by peer

From the ssh server:

# /usr/sbin/sshd -D -ddd
....snip....
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 583
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: Connection refused by tcp wrapper
SSH connection refused by TCP Wrapper

Solution

The ssh connection is being refused by the TCP wrapper.
To decide whether a client machine is allowed to connect to SSH, the TCP wrapper consults the following two files:

  • /etc/hosts.deny
  • /etc/hosts.allow

Follow these steps to determine which ssh client IP address the TCP wrapper is refusing:

  1. Comment out all lines in /etc/hosts.deny and /etc/hosts.allow.

  2. The ssh login should now work:

$ ssh root@10.131.12.10
root@10.131.12.10's password:
Last login: Fri Mar 16 11:14:44 2018 from server1

  3. Go to the ssh server, open /var/log/secure and navigate to the messages around the timestamp shown in step 2, "Last login: Fri Mar 16 11:14:44 2018"; there we can obtain the IP address of the ssh client that was previously refused by the TCP wrapper.

  4. Restore /etc/hosts.deny and /etc/hosts.allow, and add the following line to /etc/hosts.allow (assuming 192.168.1.2 is the IP address obtained in step 3):

# vi /etc/hosts.allow
sshd:192.168.1.2:allow

  5. Verify that the ssh login works.
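The steps above, as an added example that is not part of the original post: a small standard-library Python script that pulls the refused client IP out of /var/log/secure-style lines (step 3) and reproduces the tcp_wrappers lookup order (hosts.allow first, then hosts.deny, otherwise allow) so that a hosts.allow line can be checked before it is deployed (step 4). The log lines, the rule files and the hostname client1 are constructed for this example; the message text "refused connect from" is what libwrap's refuse() writes to syslog when sshd rejects a client. Only IPv4 addresses, the ALL wildcard and trailing-dot network prefixes are handled; EXCEPT lists and IPv6 are not.

```python
"""Added example (not from the original post): reproduce the two things the
procedure above relies on.

1. refused_clients()  - the client IPs that sshd's libwrap check refused,
   taken from /var/log/secure-style lines (step 3).
2. wrapper_decision() - tcp_wrappers evaluation order: hosts.allow first,
   then hosts.deny, otherwise access is granted (step 4).

Assumptions: the log lines, rule files and hostname "client1" are constructed;
"refused connect from" is the text libwrap's refuse() logs. Only IPv4, the ALL
wildcard and trailing-dot prefixes (e.g. 192.168.1.) are supported.
"""
import re

# Constructed sample of /var/log/secure around the time of the refusals.
SECURE_LOG = """\
Mar 16 11:10:02 server1 sshd[2231]: refused connect from 192.168.1.2
Mar 16 11:10:05 server1 sshd[2233]: refused connect from client1 [192.168.1.2]
Mar 16 11:12:40 server1 sshd[2236]: refused connect from 10.0.0.7
Mar 16 11:14:44 server1 sshd[2240]: Accepted password for root from 192.168.1.2 port 51022 ssh2
"""

# libwrap logs either the bare address or "hostname [address]"; capture the address.
REFUSED_RE = re.compile(r"sshd\[\d+\]: refused connect from .*?(\d{1,3}(?:\.\d{1,3}){3})")


def refused_clients(log_text):
    """Distinct client IPs refused by the TCP wrapper, in first-seen order."""
    found = []
    for line in log_text.splitlines():
        m = REFUSED_RE.search(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def parse_rules(text):
    """Parse 'daemon_list : client_list [: allow|deny]' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line; libwrap would log a syntax error and skip it
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        option = fields[2].lower() if len(fields) > 2 else None
        rules.append((daemons, clients, option))
    return rules


def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # network prefix such as 192.168.1.
        return value.startswith(pattern)
    return pattern == value


def _first_match(rules, daemon, client):
    """Option of the first rule whose daemon list and client list both match."""
    for daemons, clients, option in rules:
        if any(_match(d, daemon) for d in daemons) and any(_match(c, client) for c in clients):
            return option or "matched"
    return None


def wrapper_decision(hosts_allow, hosts_deny, daemon, client):
    """Return 'allow' or 'deny' following tcp_wrappers' evaluation order."""
    hit = _first_match(parse_rules(hosts_allow), daemon, client)
    if hit is not None:                 # hosts.allow match grants unless ': deny'
        return "deny" if hit == "deny" else "allow"
    hit = _first_match(parse_rules(hosts_deny), daemon, client)
    if hit is not None:                 # hosts.deny match refuses unless ': allow'
        return "allow" if hit == "allow" else "deny"
    return "allow"                      # no match in either file: access granted


# Constructed rule files: a blanket deny for sshd, before and after the fix in step 4.
HOSTS_DENY = "sshd: ALL\n"
HOSTS_ALLOW_BEFORE = "# sshd has no entry yet\n"
HOSTS_ALLOW_AFTER = "sshd:192.168.1.2:allow\n"

if __name__ == "__main__":
    print("refused clients:", refused_clients(SECURE_LOG))
    for label, allow in (("before", HOSTS_ALLOW_BEFORE), ("after", HOSTS_ALLOW_AFTER)):
        for ip in ("192.168.1.2", "10.0.0.7"):
            print(label, ip, wrapper_decision(allow, HOSTS_DENY, "sshd", ip))
```

On a real server the equivalent of refused_clients() is `grep 'refused connect' /var/log/secure`, which usually finds the client without step 1 at all; that matters because commenting out hosts.deny removes the restriction for every wrapped daemon, not just sshd, until step 4 restores it. The decision function makes the ordering explicit: a matching hosts.allow entry ends the search, so the single sshd line added in step 4 takes precedence over a blanket `sshd: ALL` in hosts.deny.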
Date: 2020-09-17 00:14:11 Source: oir Author: oir