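I have an Ubuntu 12.10 machine on my LAN, and all ssh connections to it time out. Let's call it "F" (for fail!).
Two other machines on the same LAN, "A" and "B", can connect to each other. I can also ssh from F to A. So I don't think there is a network configuration problem; the problem seems to be limited to machine F.
Based on answers in other forums, I have verified and tried the following.
Verified that sshd is running and listening on port 22: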
F$ ps -A | grep sshd
853 ? 00:00:00 sshd
F$ sudo ss -lnp | grep sshd
LISTEN 0 128 :::22 :::* users:(("sshd",4244,4))
LISTEN 0 128 *:22 *:* users:(("sshd",4244,3))
F$ sudo lsof -i | grep ssh
sshd 4244 root 3u IPv4 53321 0t0 TCP *:ssh (LISTEN)
sshd 4244 root 4u IPv6 53323 0t0 TCP *:ssh (LISTEN)
ssh 5244 michael 3u IPv4 82208 0t0 TCP localhost:40209->cubebot:ssh (ESTABLISHED)
sshd 5245 root 3u IPv4 83301 0t0 TCP cubebot:ssh->localhost:40209 (ESTABLISHED)
sshd 5362 michael 3u IPv4 83301 0t0 TCP cubebot:ssh->localhost:40209 (ESTABLISHED)
F$ netstat -nat | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.28:41782 74.125.225.209:443 ESTABLISHED
tcp 0 0 192.168.1.28:47576 74.125.142.125:5222 ESTABLISHED
tcp 0 0 192.168.1.28:54925 91.189.89.122:443 ESTABLISHED
tcp 0 0 192.168.1.28:54762 74.125.225.167:443 ESTABLISHED
tcp 0 0 192.168.1.28:48473 74.125.225.181:443 ESTABLISHED
tcp 0 0 192.168.1.28:36177 74.125.225.198:443 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
Tried telnet:
A$ telnet F 22
Trying 192.168.1.28...
telnet: Unable to connect to remote host: Connection timed out
The same thing happens with ssh. F's IP address is correct:
F$ ifconfig
wlan1 Link encap:Ethernet HWaddr 00:1a:70:3b:58:2e
inet addr:192.168.1.28 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21a:70ff:fe3b:582e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22070 errors:0 dropped:0 overruns:0 frame:0
TX packets:15344 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12137460 (12.1 MB) TX bytes:2564022 (2.5 MB)
The hosts file looks correct:
F$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 cubebot
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
where cubebot is machine 'F', and the hostname is correct:
$ cat /etc/hostname
cubebot
On machine F, both localhost and the hostname work:
F$ ssh localhost
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-31-generic x86_64)
F$ ssh cubebot
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-31-generic x86_64)
Output of sudo iptables -L -nv:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
65 8910 ACCEPT tcp -- * * 127.0.1.1 0.0.0.0/0 tcpflags:! 0x17/0x02
4468 479K ACCEPT udp -- * * 127.0.1.1 0.0.0.0/0
4850 337K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
2139 384K DROP all -- wlan1 * 0.0.0.0/0 255.255.255.255
1898 327K DROP all -- * * 0.0.0.0/0 192.168.1.255
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
674K 975M INBOUND all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Unknown Input"
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Unknown Forward"
Chain OUTPUT (policy DROP 524 packets, 88964 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.1.28 127.0.1.1 tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.1.28 127.0.1.1 udp dpt:53
9383 825K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
49 3372 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
383K 20M OUTBOUND all -- * wlan1 0.0.0.0/0 0.0.0.0/0
524 88964 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
524 88964 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix "Unknown Output"
Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
669K 974M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4883 511K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 192.168.1.14 0.0.0.0/0
76 5013 LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (2 references)
pkts bytes target prot opt in out source destination
76 5013 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
44 2640 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
44 2640 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
32 2373 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
32 2373 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Outbound "
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
375K 20M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
331 25140 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7583 563K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
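I'm completely out of ideas now (and out of useful links). Any and all suggestions, hints, or encouraging words of sympathy would be much appreciated!
Cheers, Mike
Answer 1
This was caused by Firestarter, which I had forgotten was even installed on this machine. Removing it and rebooting fixed the problem.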
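The firewall listing in the question already shows why remote connections time out while `ssh localhost` works. The rule walker below is an added example, not part of the original post or answer: it traces a new inbound TCP SYN through an `iptables -L -nv` listing, handling only the match types that appear in that listing (interface, source/destination, state, tcpflags, `-f`); the function names and the trimmed sample are constructed for illustration.

```python
import ipaddress

# Excerpt of the iptables -L -nv listing in the question (header rows and LOG options trimmed).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 4850 337K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 674K 975M INBOUND all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
Chain INBOUND (1 references)
 669K 974M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 0 0 ACCEPT all -- * * 192.168.1.14 0.0.0.0/0
 76 5013 LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSI (2 references)
 44 2640 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 1/sec burst 5
 44 2640 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02
"""

def parse(listing):
    """Return ({chain: [rule fields]}, {builtin chain: policy})."""
    chains, policy = {}, {}
    for f in map(str.split, listing.splitlines()):
        if f and f[0] == "Chain":
            cur = chains[f[1]] = []
            if f[2] == "(policy":
                policy[f[1]] = f[3]
        elif f and f[0] != "pkts":  # skip the column header row
            cur.append(f)
    return chains, policy

def matches(f, iface, src, dst):
    """Simplified match of a NEW inbound TCP SYN against one rule line."""
    extra = " ".join(f[9:])
    if f[3] not in ("tcp", "all") or f[4] == "-f" or f[5] not in ("*", iface):
        return False
    for addr, net in ((src, f[7]), (dst, f[8])):
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(net, strict=False):
            return False
    if ("state " in extra and "NEW" not in extra) or "tcpflags:!" in extra:
        return False  # conntrack-state or not-SYN rules never see a fresh SYN
    return "tcpflags:" not in extra or "0x17/0x02" in extra  # 0x02 = SYN

def verdict(chains, policy, chain, iface, src, dst):
    """Return (verdict, deciding chain), or None when a user chain falls through."""
    for f in chains.get(chain, []):
        if matches(f, iface, src, dst):
            if f[2] in ("ACCEPT", "DROP", "REJECT"):
                return f[2], chain
            hit = None if f[2] == "LOG" else verdict(chains, policy, f[2], iface, src, dst)
            if hit:
                return hit
    return (policy[chain], chain) if chain in policy else None
```

Calling `verdict(*parse(SAMPLE), "INPUT", "wlan1", "192.168.1.20", "192.168.1.28")`, where 192.168.1.20 is a constructed address standing in for machine A, returns `("DROP", "LSI")`. A DROP sends no reply, so the client sees a timeout rather than "connection refused", while the same packet on `lo` is accepted in INPUT.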