我在通过 IPv6 连接到 VPS 时遇到“连接超时”问题。sshd_config 正常,netstat 告诉我:
# netstat -natp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 29668/sshd
tcp6 0 0 :::22 :::* LISTEN 29668/sshd
我需要额外的配置吗?
附加信息:
ssh -vvv6 <FQDN>
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data ~/.ssh/config
debug1: ~/.ssh/config line 5: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "<FQDN>" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to <FQDN> [*************] port 22.
debug1: connect to address ************* port 22: Connection timed out
ssh: connect to host <FQDN> port 22: Connection timed out
答案1
我最近遇到了这个错误,并确定将 IPv6 地址放在括号内会导致 ssh 将 IPv6 地址解释为 FQDN 并执行 DNS 查找。
OP 在调用 ssh 时可能使用了括号。
ssh -vvv6 zzz@[3ffc:1900::dead:bea7:dad]
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/zzz/.ssh/config
debug1: /Users/zzz/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "[3ffc:1900::dead:bea7:dad]" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to [3ffc:1900::dead:bea7:dad] [xxxx:xxxx:xxxx::1] port 22.
debug1: connect to address xxxx:xxxx:xxxx::1 port 22: Operation timed out
预期的 [IPv6] 解析为错误的 IP 地址。相反,删除 IPv6 地址周围的括号:
ssh -vvv6 zzz@3ffc:1900::dead:bea7:dad
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/zzz/.ssh/config
debug1: /Users/zzz/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "3ffc:1900::dead:bea7:dad" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 3ffc:1900::dead:bea7:dad [3ffc:1900::dead:bea7:dad] port 22.
如果它是一个合法地址,后一个例子就会起作用。
解决方案:连接到 IPv6 地址时删除括号。