可以通过 ssh 从一个 VM1 连接到 VM2,但无法通过 ssh 从 VM2 连接到 VM1

可以通过 ssh 从一个 VM1 连接到 VM2,但无法通过 ssh 从 VM2 连接到 VM1

我有一个如下构建的网络架构:

  1. 一个名为 UbuntuLeft 的虚拟机
  2. 一个名为 CentOS 的虚拟机
  3. 虚拟机就是 Ubuntu 吧

所有虚拟机都有一个名为 enp0s3 的接口,连接到设备网络。

好的,关于这个网络架构,您的问题是什么或者需要什么帮助?

Yael Ben Hur 我有一个如下构建的网络架构:

  1. 一个名为 Ubuntu_Left 的虚拟机
  2. 一个名为 CentOS 的虚拟机
  3. 一个名为 Ubuntu_Right 的虚拟机

所有虚拟机都有一个名为 enp0s3 的接口,连接到设备网络。

Ubuntu_Left 有一个名为 enp0s8 的接口,它在它和 CentOS 之间创建了一个内部网络。该接口的 IP 地址是:193.168.1.1 CentOS 有一个名为 enp0s8 的接口,它在它和 Ubuntu_Left 之间创建了一个内部网络。该接口的 IP 地址是:193.168.1.2

Ubuntu_Right 有一个名为 enp0s8 的接口,它在它和 CentOS 之间创建了一个内部网络。该接口的 IP 地址是:193.168.2.1 CentOS 有一个名为 enp0s8 的接口,它在它和 Ubuntu_Left 之间创建了一个内部网络。该接口的 IP 地址是:193.168.2.2

因此,Ubuntu 机器在该架构中被视为终端设备。

我尝试通过 ssh 从每个 Ubuntu 连接到 CentOS,成功了。我尝试通过 ssh 从 Ubuntu_Right 连接到 Ubuntu_Left,成功了。但是,当尝试从 Ubuntu_Left 连接到 Ubuntu_Right 时,却无法连接。

我调试了两个连接,结果如下:

这是尝试使用 ssh 从 Left_Ubuntu 连接到 Right_Ubunt 的结果(不起作用):

OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 193.168.2.1 [193.168.2.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 193.168.2.1:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:t2vk80BAwRqZsX0J9Rkr3M6LB2sOLrTpNhZlodmH218
debug1: Host '193.168.2.1' is known and matches the ECDSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Next authentication method: publickey
debug1: Trying private key: /home/username/.ssh/id_rsa
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Trying private key: /home/username/.ssh/id_ecdsa
debug1: Trying private key: /home/username/.ssh/id_ed25519
debug1: Next authentication method: password

这是尝试使用 ssh 从 Right_Ubuntu 连接到 Left_Ubuntu 的结果(有效):

OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 193.168.1.1 [193.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 193.168.1.1:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:gGMOCOu0gP1PUAJs87KRgZizeahcpCd3hWedCRXmasU
debug1: Host '193.168.1.1' is known and matches the ECDSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/username/.ssh/id_rsa
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Trying private key: /home/username/.ssh/id_ecdsa
debug1: Trying private key: /home/username/.ssh/id_ed25519
debug1: Next authentication method: password

我注意到两次调试之间存在主要差异:

从右到左(有效):

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

从左到右(无效):

debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>

我该如何修复它?

答案1

您有一个 ssh 配置问题,Ubuntu_Right要修复该问题,请执行以下操作,Ubuntu_Right像这样打开此文件,sudo nano /etc/ssh/sshd_config查找包含该内容的行,PasswordAuthentication必须像这样,PasswordAuthentication yes然后重新启动 ssh 服务器,sudo systemctl restart ssh现在Ubuntu_Right它应该可以工作了。

相关内容