ssh ipv6-连接超时

ssh ipv6-连接超时

我在通过 IPv6 连接到 VPS 时遇到“连接超时”问题。sshd_config 正常,netstat 告诉我:

# netstat -natp | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      29668/sshd      
tcp6       0      0 :::22                   :::*                    LISTEN      29668/sshd      

我需要额外的配置吗?

附加信息:

ssh -vvv6 <FQDN>
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips  1 Mar 2016
debug1: Reading configuration data ~/.ssh/config
debug1: ~/.ssh/config line 5: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "<FQDN>" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to <FQDN> [*************] port 22.
debug1: connect to address ************* port 22: Connection timed out
ssh: connect to host <FQDN> port 22: Connection timed out

答案1

我最近遇到了这个错误,并确定将 IPv6 地址放在括号内会导致 ssh 将 IPv6 地址解释为 FQDN 并执行 DNS 查找。

OP 在调用 ssh 时可能使用了括号。

ssh -vvv6 zzz@[3ffc:1900::dead:bea7:dad]
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/zzz/.ssh/config
debug1: /Users/zzz/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "[3ffc:1900::dead:bea7:dad]" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to [3ffc:1900::dead:bea7:dad] [xxxx:xxxx:xxxx::1] port 22.
debug1: connect to address xxxx:xxxx:xxxx::1 port 22: Operation timed out

预期的 [IPv6] 解析为错误的 IP 地址。相反,删除 IPv6 地址周围的括号:

ssh -vvv6 zzz@3ffc:1900::dead:bea7:dad
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/zzz/.ssh/config
debug1: /Users/zzz/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "3ffc:1900::dead:bea7:dad" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 3ffc:1900::dead:bea7:dad [3ffc:1900::dead:bea7:dad] port 22.

如果它是一个合法地址,后一个例子就会起作用。

解决方案:连接到 IPv6 地址时删除括号。

相关内容