我正在尝试在 Windows 10 上使用 OpenSSH 设置 ssh 服务器。在我的其中一台计算机上,我已经能够设置服务器并成功从同一台机器登录。
在另一台计算机上,尽管在类似的 Windows 10 系统中具有相同的默认设置,但 SSH 会话似乎立即终止。
使用 命令提示符 登录后ssh -vvv localhost,输入密码后显示以下信息:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to localhost ([::1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IPV6_TCLASS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
debug3: send packet: type 1
Connection to localhost closed.
Transferred: sent 2168, received 4052 bytes, in 0.9 seconds
Bytes per second: sent 2501.0, received 4674.3
debug1: Exit status 255
以下是 sshd_config 设置:
# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
# Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_ecdsa_key
#HostKey /etc/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
LogLevel DEBUG3
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of 'PermitRootLogin without-password'.
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# default banner path
Banner /etc/banner.txt
# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
我看过一些帖子建议我打开日志记录以获取更多信息。但是,我不知道如何实现这一点。出现的日志文件都C:\Program Files\OpenSSH\var\log没有任何信息,我也不知道日志可能在哪里,或者如何启用它们。
如果您有任何关于如何解决我的问题或至少启用日志记录的建议,请告诉我。谢谢!
答案1
配置 OpenSSH 以记录到文件
导航到 C:\ProgramData\ssh 并编辑 sshd_config 文件。
在日志记录部分执行以下操作:
# Logging SyslogFacility LOCAL0 LogLevel DEBUG3重新启动“OpenSSH SSH Server”服务。
现在,您将在“C:\ProgramData\ssh\logs\sshd.log”文件中看到日志消息。
我的解决方案
我在设置时遇到了完全相同的错误OpenSSH在 Windows Server 2012R2 上。浪费了这么多时间后,我找到了解决方案,方法是将“C:\Program Files\OpenSSH”添加到 PATH 环境变量并重新启动 ssh 服务。它非常有效 :)
希望这对某人有帮助。
答案2
鉴于“身份验证成功”消息,我们知道 SSH 服务器可以准确识别用户,这在一定程度上缩小了问题范围。
在此之后,它会尝试设置外壳,但这就是它失败的地方(我认为)。
因此,从非常广泛的角度来看,除了 SSH 服务问题之外,我还将考虑其他可能性本身。
这可能有很多种,但有些想法是:
禁止用户(或任何用户)创建远程会话的用户或系统级安全设置。换句话说,即使用户拥有正确的密码,如果系统不想让他们进入,那也没关系。
用户初始化脚本中存在一些错误。我不知道这在 Windows 中是如何工作的,但在 Linux 中,用户主目录中有一些特殊文件(名称取决于 shell),这些文件会在登录时立即调用。如果其中一个文件包含关闭 shell 的命令,则它将阻止用户登录,而不会显示错误。
缩小问题范围的一个方法是登录目标机器,然后尝试以该帐户 ssh 到 localhost。如果成功,那么您可以推测这与从远程机器连接有关。
但不幸的是,正如你通过谷歌搜索发现的那样,这里可能存在很多问题。所以上面的内容可能并不准确...