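I am trying to connect via ssh from my MacBook client to my Ubuntu server. Port 22 is open, and the server is not behind a router.
I have run sudo tcpdump -i any port 22 -n -Q inout
According to the log at the end of the post, the requests are reaching the server:
After a while, on the client side, I get the following message:
ssh_dispatch_run_fatal: Connection to IP 50.XX.XXX.53 port 22: Operation timed out
Here is the log from tcpdump: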
12:04:23.146323 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036629512 ecr 291479258], length 1097
12:04:23.610318 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036629976 ecr 291479258], length 1097
12:04:24.538367 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036630904 ecr 291479258], length 1097
12:04:26.394273 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036632760 ecr 291479258], length 1097
12:04:30.170283 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036636536 ecr 291479258], length 1097
12:04:37.594251 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, options [nop,nop,TS val 3036643960 ecr 291479258], length 1097
Firewall status:
~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
3309                       ALLOW       Anywhere
3306                       ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
3309 (v6)                  ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
SSH server status:
~$ sudo service ssh status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
Active: active (running) since Tue 2020-12-15 10:12:35 PST; 2 days ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1095 (sshd)
Tasks: 3 (limit: 14301)
Memory: 10.8M
CGroup: /system.slice/ssh.service
├─ 1095 sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
├─35862 sshd: [accepted]
└─35863 sshd: [net]
Dec 17 12:09:47 dell sshd[35481]: Received disconnect from 221.131.165.119 port 64023:11: [preauth]
Dec 17 12:09:47 dell sshd[35481]: Disconnected from authenticating user root 221.131.165.119 port 64023 [preauth]
Dec 17 12:11:10 dell sshd[35604]: Unable to negotiate with 112.85.42.110 port 18630: no matching key exchange method found. Their >
Dec 17 12:12:57 dell sshd[35651]: Received disconnect from 221.181.185.18 port 33792:11: [preauth]
Dec 17 12:12:57 dell sshd[35651]: Disconnected from authenticating user root 221.181.185.18 port 33792 [preauth]
Dec 17 12:15:21 dell sshd[35753]: Unable to negotiate with 218.92.0.165 port 9913: no matching key exchange method found. Their of>
Dec 17 12:15:37 dell sshd[35765]: Received disconnect from 222.187.238.87 port 42340:11: [preauth]
Dec 17 12:15:37 dell sshd[35765]: Disconnected from authenticating user root 222.187.238.87 port 42340 [preauth]
Dec 17 12:18:32 dell sshd[35879]: Received disconnect from 222.187.232.73 port 34770:11: [preauth]
Dec 17 12:18:32 dell sshd[35879]: Disconnected from authenticating user root 222.187.232.73 port 34770 [preauth]
~
So I ran: ssh [email protected] -vvv
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
debug1: Reading configuration data /Users/augusto/.ssh/config
debug1: /Users/augusto/.ssh/config line 21: Applying options for *
debug1: /Users/augusto/.ssh/config line 24: Ignored unknown option "usekeychain"
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/augusto/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/augusto/.ssh/known_hosts2'
debug2: resolving "server.mydomian.ca" port 22
debug2: ssh_connect_direct
debug1: Connecting to server.mydomian.ca [50.68.XXX.53] port 22.
debug1: Connection established.
debug1: identity file /Users/augusto/.ssh/id_rsa type 0
debug1: identity file /Users/augusto/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to server.mydomain.ca:22 as 'augusto'
debug3: hostkeys_foreach: reading file "/Users/augusto/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 50.68.XXX.53 port 22: Operation timed out
The server uses a public IP, while the Mac client is behind a router.
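
An added example, not part of the original post: a small Python parser that groups the tcpdump lines above by sequence range and reports any segment sent more than once, with the gaps between sends and the ack numbers seen. The sample embeds the six capture lines from the post with the TCP options field dropped, plus one constructed client line; `find_retransmissions` is a hypothetical helper name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Six server lines from the post (TCP options dropped) plus one constructed
# client line (the first), so the parser also sees a segment that is not repeated.
CAPTURE = """\
12:04:23.100000 IP 50.XX.XXX.181.54440 > 50.XX.XXX.53.22: Flags [P.], seq 1:22, ack 1, win 2058, length 21
12:04:23.146323 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
12:04:23.610318 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
12:04:24.538367 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
12:04:26.394273 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
12:04:30.170283 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
12:04:37.594251 IP 50.XX.XXX.53.22 > 50.XX.XXX.181.54440: Flags [P.], seq 1:1098, ack 22, win 509, length 1097
"""

SEGMENT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[[^\]]*\], seq (?P<start>\d+):(?P<end>\d+), ack (?P<ack>\d+),"
)

def find_retransmissions(capture):
    """Group data segments by (src, dst, seq range); report ranges sent more than once."""
    sends = defaultdict(list)
    for line in capture.splitlines():
        m = SEGMENT.match(line)
        if not m:  # pure ACKs and SYNs carry no "seq a:b" range
            continue
        key = (m["src"], m["dst"], int(m["start"]), int(m["end"]))
        sends[key].append((datetime.strptime(m["ts"], "%H:%M:%S.%f"), int(m["ack"])))
    findings = []
    for (src, dst, start, end), seen in sends.items():
        if len(seen) < 2:
            continue
        times = [t for t, _ in seen]
        gaps = [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]
        findings.append({
            "flow": f"{src} > {dst}", "seq": (start, end), "sends": len(seen),
            "gaps": gaps,
            # Roughly doubling gaps are the sender's retransmission timer backing off.
            "backoff": all(a > 0 and 1.5 <= b / a <= 2.5 for a, b in zip(gaps, gaps[1:])),
            # A constant ack number means the sender saw no new data from the peer.
            "peer_acks": sorted({ack for _, ack in seen}),
        })
    return findings

if __name__ == "__main__":
    for finding in find_retransmissions(CAPTURE):
        print(finding)
```

On the capture from the post this reports one segment, seq 1:1098 from the server, sent six times with gaps that roughly double while the ack number stays at 22.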