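I changed the router for my dedicated server from TP-Link to MikroTik and upgraded RouterOS to 7.8. The configuration of the host itself has not changed; only the router has changed. I opened port 7346, which I use instead of the standard 21 and 22 to connect to sftp and ssh(d). When I try to connect to ssh from the console with the following command: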
ssh -p 7346 [email protected]
after a few seconds, the following appears:
ssh: connect to host 9x.xxx.xxx.xxx.xxx port 7346: Operation timed out
Also, if I try to log in with the following command:
ssh [email protected]
the output is as follows:
[email protected]'s password:
Received disconnect from 9x.xxx.xxx.xxx.xxx port 22:11: auth timeout
Disconnected from 9x.xxx.xxx.xxx.xxx port 22
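As can be seen from this message, when I do not explicitly specify the port, the connection is made on port 22 and it connects. However, note that on the host, in the ufw status, ports 21 and 22 are blocked for any connections, and the service itself runs on port 7346 on the machine.
In RouterOS, under IP -> Services, on the ssh tab, the default port is 22. If it is changed to 7346, then with the port given implicitly: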
ssh [email protected]
the output is as follows:
ssh: connect to host 9x.xxx.xxx.xxx.xxx port 22: Connection refused
However, if we enter the port explicitly:
ssh -p 7346 [email protected]
the output is as follows:
ssh: connect to host 9x.xxx.xxx.xxx.xxx port 7346: Operation timed out
In the log at /var/log/auth.log:
Apr  9 20:51:37 riven CRON[700]: pam_unix(cron:session): session closed for user root
Apr  9 20:51:37 riven systemd-logind[716]: Watching system buttons on /dev/input/event (Power Button)
Apr  9 20:51:37 riven systemd-logind[716]: Watching system buttons on /dev/input/event1 (Power Button)
Apr  9 20:51:37 riven systemd-logind[716]: Watching system buttons on /dev/input/event0 (Sleep Button)
Apr  9 20:51:37 riven systemd-logind[716]: Watching system buttons on /dev/input/event6 (COMPANY USB Device)
Apr  9 20:51:37 riven systemd-logind[716]: Watching system buttons on /dev/input/event5 (COMPANY USB Device Keyboard)
Apr  9 20:51:37 riven systemd-logind[716]: New seat seat0.
Apr  9 20:51:38 riven sshd[1218]: Server listening on 0.0.0.0 port 7346.
Apr  9 20:51:38 riven sshd[1218]: Server listening on :: port 7346.
Apr  9 20:51:38 riven gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm(uid=127) by (uid=0)
Apr  9 20:51:38 riven systemd-logind[716]: New session c1 of user gdm.
Apr  9 20:51:38 riven systemd: pam_unix(systemd-user:session): session opened for user gdm(uid=127) by (uid=0)
Apr  9 20:51:42 riven polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.42 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/Authentication
Apr  9 20:52:05 riven dbus-daemon[698]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms)
Apr  9 20:53:30 riven gdm-password]: gkr-pam: unable to locate daemon control file
Apr  9 20:53:30 riven gdm-password]: gkr-pam: stashed password to try later in open session
Apr  9 20:53:30 riven gdm-password]: pam_unix(gdm-password:session): session opened for user riven(uid=1000) by (uid=0)
Apr  9 20:53:30 riven systemd-logind[716]: New session 3 of user riven.
Apr  9 20:53:30 riven systemd: pam_unix(systemd-user:session): session opened for user riven(uid=1000) by (uid=0)
Apr  9 20:53:30 riven gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
Apr  9 20:53:32 riven gnome-keyring-daemon[3071]: The SSH agent was already initialized
Apr  9 20:53:32 riven gnome-keyring-daemon[3071]: The Secret Service was already initialized
Apr  9 20:53:32 riven gnome-keyring-daemon[3071]: The PKCS#11 component was already initialized
Apr  9 20:53:33 riven polkitd(authority=local): Registered Authentication Agent for unix-session:3 (system bus name :1.84 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAge
Apr  9 20:53:37 riven polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.42, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UT
Apr  9 20:53:37 riven gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm
Apr  9 20:53:37 riven systemd-logind[716]: Session c1 logged out. Waiting for processes to exit.
Apr  9 20:53:37 riven systemd-logind[716]: Removed session c1.
Apr  9 20:53:42 riven PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
Apr  9 20:53:42 riven PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh
Apr  9 20:53:55 riven dbus-daemon[698]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms)
Apr  9 20:54:43 riven pkexec: pam_unix(polkit-1:session): session opened for user root(uid=0) by (uid=1000)
Apr  9 20:54:43 riven pkexec[7408]: riven: Executing command [USER=root] [TTY=unknown] [CWD=/home/riven] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr  9 20:58:37 riven sudo:    riven : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
Apr  9 20:58:37 riven sudo: pam_unix(sudo-i:session): session opened for user root(uid=0) by (uid=1000)
Apr  9 21:06:07 riven sudo:    riven : TTY=pts/10 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
Apr  9 21:06:07 riven sudo: pam_unix(sudo-i:session): session opened for user root(uid=0) by (uid=1000)
Apr  9 21:17:01 riven CRON[10544]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Apr  9 21:17:01 riven CRON[10544]: pam_unix(cron:session): session closed for user root
Apr  9 21:26:53 riven gdm-password]: gkr-pam: unlocked login keyring
Apr  9 21:30:01 riven CRON[11541]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Apr  9 21:30:01 riven CRON[11541]: pam_unix(cron:session): session closed for user root
Apr  9 21:39:30 riven gdm-password]: gkr-pam: unlocked login keyring
Apr  9 22:17:01 riven CRON[14547]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Apr  9 22:17:01 riven CRON[14547]: pam_unix(cron:session): session closed for user root
Apr  9 22:30:01 riven CRON[15390]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Apr  9 22:30:01 riven CRON[15390]: pam_unix(cron:session): session closed for user root
Apr  9 22:42:45 riven gdm-password]: gkr-pam: unlocked login keyring
The following parameters are set in ufw:
Output of netstat -plant | grep :22:
->
Output of ps aux | grep sshd:
->
Output of lsof -i:
->
Output of telnet localhost 7346 (21, 22):
->
Output of sudo systemctl status sshd:
->
MikroTik firewall:
->
MikroTik service ports:
->https://i.stack.imgur.com/g1fyt.jpg
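Finally, I want to say that I tried disabling the firewall on both ubuntu (ufw) and the router at the same time, but without success. It seems the problem is not the firewall.
I would be very grateful for your help)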
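Answer 1
I solved this problem under IP -> Firewall -> NAT: in the port forwarding rule I only had to select in.interface: ether1. Apparently, without this the packet could not reach the correct interface and went to another interface instead.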
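Added example (not part of the original question or answer): a small probe that separates the three symptoms in this thread, "timed out", "connection refused" and a login prompt on port 22, by classifying the TCP connect and reading the SSH identification string to see which device actually answered. The function names are hypothetical, and the check for ROSSSH assumes that is how RouterOS's built-in SSH server identifies itself.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return (state, banner): how the TCP connect ended and the SSH ident line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An SSH server sends "SSH-2.0-<software>" first (RFC 4253).
                line = s.recv(255).split(b"\n", 1)[0]
            except (socket.timeout, ConnectionResetError):
                line = b""
            return "open", line.strip().decode("ascii", "replace")
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError as exc:
        return "error", str(exc)

def interpret(state, banner):
    """Map a probe result to the device that most likely produced it."""
    if state == "timeout":
        return "no reply: dropped by a firewall or never forwarded (no matching dst-nat rule)"
    if state == "refused":
        return "RST from the answering device: nothing listens on this port there"
    if state == "open" and "ROSSSH" in banner:
        # Assumption: RouterOS's built-in SSH server identifies itself as ROSSSH.
        return "router's own SSH service answered, not the server"
    if state == "open" and "OpenSSH" in banner:
        return "OpenSSH answered: the port is forwarded to the server"
    if state == "open":
        return "connected, but the service did not identify as a known SSH server"
    return "local error: " + banner

if __name__ == "__main__":
    # Usage: python3 probe.py <public-address> [port ...]
    # Defaults: loopback, and the two ports from the question.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in [int(p) for p in sys.argv[2:]] or [22, 7346]:
        state, banner = probe(host, port)
        print(f"{host}:{port} {state} {banner!r} -> {interpret(state, banner)}")
```

Run it from outside the LAN against the public address; the absence of any sshd connection entries in auth.log on the server during the probe is a second sign that the packets never got past the router.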