无法通过 ssh 连接到计算机。出站 ssh 有效。sshd 正在端口 22 上运行

无法通过 ssh 连接到计算机。出站 ssh 有效。sshd 正在端口 22 上运行

我的局域网上有一台 Ubuntu 12.10 机器,所有 ssh 连接都超时了。我们称之为“F”(失败!)

同一 LAN 上的另外两台机器“A”和“B”可以互相连接。我还可以从 F ssh 到 A。因此,我认为不存在网络配置问题。问题似乎仅限于机器 F。

根据其他论坛的答案,我验证并尝试了以下内容。

验证 sshd 是否正在运行并监听端口 22:

F$ ps -A | grep sshd
853 ?        00:00:00 sshd

F$ sudo ss -lnp | grep sshd
LISTEN     0      128                      :::22                      :::*      users:(("sshd",4244,4))
LISTEN     0      128                       *:22                       *:*      users:(("sshd",4244,3))

F$ sudo lsof -i | grep ssh
sshd      4244    root    3u  IPv4  53321      0t0  TCP *:ssh (LISTEN)
sshd      4244    root    4u  IPv6  53323      0t0  TCP *:ssh (LISTEN)
ssh       5244 michael    3u  IPv4  82208      0t0  TCP localhost:40209->cubebot:ssh (ESTABLISHED)
sshd      5245    root    3u  IPv4  83301      0t0  TCP cubebot:ssh->localhost:40209 (ESTABLISHED)
sshd      5362 michael    3u  IPv4  83301      0t0  TCP cubebot:ssh->localhost:40209 (ESTABLISHED)

F$ netstat -nat | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.28:41782      74.125.225.209:443      ESTABLISHED
tcp        0      0 192.168.1.28:47576      74.125.142.125:5222     ESTABLISHED
tcp        0      0 192.168.1.28:54925      91.189.89.122:443       ESTABLISHED
tcp        0      0 192.168.1.28:54762      74.125.225.167:443      ESTABLISHED
tcp        0      0 192.168.1.28:48473      74.125.225.181:443      ESTABLISHED
tcp        0      0 192.168.1.28:36177      74.125.225.198:443      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     

尝试 telnet:

A$ telnet F 22
Trying 192.168.1.28...
telnet: Unable to connect to remote host: Connection timed out

ssh 也发生了同样的事情。F 的 IP 地址是正确的:

F$ ifconfig
wlan1     Link encap:Ethernet  HWaddr 00:1a:70:3b:58:2e  
          inet addr:192.168.1.28  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:70ff:fe3b:582e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22070 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15344 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:12137460 (12.1 MB)  TX bytes:2564022 (2.5 MB)

主持人看起来正确:

F$ cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   cubebot

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

其中 cubebot 是机器‘F’并且主机名正确:

$ cat /etc/hostname
cubebot

在机器 F 上使用 localhost 和 hostname 均可行:

F$ ssh localhost
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-31-generic x86_64)

F$ ssh cubebot
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-31-generic x86_64)

输出sudo iptables -L -nv

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   65  8910 ACCEPT     tcp  --  *      *       127.0.1.1            0.0.0.0/0            tcpflags:! 0x17/0x02
 4468  479K ACCEPT     udp  --  *      *       127.0.1.1            0.0.0.0/0           
 4850  337K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
 2139  384K DROP       all  --  wlan1  *       0.0.0.0/0            255.255.255.255     
 1898  327K DROP       all  --  *      *       0.0.0.0/0            192.168.1.255       
    0     0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
    1    40 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
0     0 LSI        all  -f  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5
 674K  975M INBOUND    all  --  wlan1  *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Input"

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Forward"

Chain OUTPUT (policy DROP 524 packets, 88964 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       192.168.1.28         127.0.1.1            tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       192.168.1.28         127.0.1.1            udp dpt:53
 9383  825K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
   49  3372 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
 383K   20M OUTBOUND   all  --  *      wlan1   0.0.0.0/0            0.0.0.0/0           
  524 88964 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  524 88964 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Output"

Chain INBOUND (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 669K  974M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 4883  511K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       192.168.1.14         0.0.0.0/0           
   76  5013 LSI        all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOG_FILTER (5 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain LSI (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   76  5013 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44  2640 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
   44  2640 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
   32  2373 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
   32  2373 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LSO (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Outbound "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
 375K   20M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  331 25140 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 7583  563K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

我现在完全没有主意了(也没有有用的链接)。任何/所有建议、提示或鼓励的同情之言都会很感激!

欢呼吧,迈克

答案1

这是由 Firestarter 引起的,我甚至忘记了这台机器上安装了它。删除它并重新启动即可解决问题。

相关内容