我正在尝试从我的笔记本电脑(macbookpro)到我的 iphone 建立 ssh 连接。当尝试将密钥从笔记本电脑复制到 iphone 时,出现以下情况:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: ERROR: ssh_exchange_identification: Connection closed by remote host
当尝试使用密码验证进行 ssh 时,结果基本相同:
$ ssh -vvv [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to iphone.local [192.168.1.53] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/Andryuwka/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/Andryuwka/.ssh/id_rsa type 1
debug1: identity file /Users/Andryuwka/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Andryuwka/.ssh/id_dsa type -1
debug1: identity file /Users/Andryuwka/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: Connection closed by remote host
扫描我的 iPhone 的 22 端口得到以下结果:
$ sudo nmap -sS -sV -p 22 iphone.local
Password:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-09 14:43 PDT
Nmap scan report for iphone.local (192.168.1.53)
Host is up (0.096s latency).
PORT STATE SERVICE VERSION
22/tcp open tcpwrapped
MAC Address: D8:BB:2C:83:F8:84 (Unknown)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
端口的“tcpwrapped”状态而不是 OpenSSH 版本确实很奇怪和令人困惑...但我相信它表明服务器配置有问题。
密钥没问题,因为我可以使用它们成功连接到另一台主机。尝试生成另一个密钥 - 没有进行任何更改。
iPhone在 /etc/ssh/sshd_config 中:
SyslogFacility AUTHPRIV
#LogLevel INFO
PermitRootLogin yes
#PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
UsePrivilegeSeparation sandbox # Default for new installations.
AcceptEnv LANG LC_*
Subsystem sftp /usr/libexec/sftp-server
有什么问题?有人能给我指出正确的方向吗?
iPhone上的OpenSSH版本:
$ ssh -V
OpenSSH 6.7p1, OpenSSL 0.9.8zg 11 Jun 2015
我相信我正确启动了该过程
# launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
我已经尝试删除已知主机和所有/etc/ssh/ssh_host_在 iphone 上......没主意了。((
更新
尝试过这个:
$ telnet iphone.local 22
Trying 192.168.1.53...
Connected to iphone.local.
Escape character is '^]'.
Connection closed by foreign host.
==> 没有 sshd 横幅。
编辑
我已经检查过该服务器是否在我的 iPhone 上运行:
ps aux | grep [s]shd
我应该得到如下的一行:
root 749 0.0 0.0 55164 5428 ? Ss Aug09 0:00 /usr/sbin/sshd -D
但我没有。这似乎是我的问题。现在我必须找出如何在 iOS 上启动该过程。
答案1
好的,我们继续往下看:
您的 ssh 连接尝试输出提到此错误:
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/Andryuwka/.ssh/id_rsa" as a RSA1 public key
- 该文件存在吗?
- 此身份是否可用于登录其他主机(=未损坏)
- 如果您移动此身份并使用 ssh-keygen 生成一个新身份,是否仍会收到相同的错误?
关于 nmap 输出:
你知道吗https://secwiki.org/w/FAQ_tcpwrapped:“具体来说,这意味着完整的 TCP 握手已经完成,但远程主机在没有收到任何数据的情况下关闭了连接。”
==> 当您执行以下操作时,是否会收到 SSH 服务器横幅:
telnet iphone.local 22
? 应该看起来像:
# telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_<SomeVersionNumer>
==> 您可以使用 iPhone 上的 SSH 客户端连接到 iPhone 上的 SSH 服务器吗?
==> 如果没有,您能否确认该进程正在 iPhone 上运行?例如:
ps aux | grep [s]shd
你应该得到如下一行:
root 749 0.0 0.0 55164 5428 ? Ss Aug09 0:00 /usr/sbin/sshd -D
如果没有,那就是你的问题:没有 sshd 正在运行