尽管 ping 正常,但我们无法从一台 Linux 服务器 ssh 到另一台服务器。
调试时,我们发现 ssh 卡住了debug1: SSH2_MSG_KEXINIT sent
,无法访问SSH2_MSG_NEWKEYS received
我们该如何解释呢?
到目前为止,我们检查了以下内容:
端口 22 - 已打开(通过 telnet 验证),防火墙已停止,在 iptables 上也是如此
ssh -v 10.12.187.23
OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to localhost [10.12.187.23] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/.ssh/identity type 0
debug1: identity file /cygdrive/c/.ssh/id_rsa type 1
debug1: identity file /cygdrive/c/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1
debug1: match: OpenSSH_3.6.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1
debug1: SSH2_MSG_KEXINIT sent
其他例子
ssh -vv worker01
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to worker01 [102.164.35.64] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent