Question
I have an external VPS running Ubuntu 18.04 with openssh-server 7.6p1. I can ssh to this server from many different networks, except from one particular client. That client runs Ubuntu 16.04 with openssh 7.2p2.
Relevant configuration and logs
- Server SSHD config (/etc/ssh/sshd_config):
$ cat /etc/ssh/sshd_config | egrep -v "^$|^#"
Port 41232
LogLevel DEBUG3
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp /usr/libexec/sftp-server
- Client SSH config (/etc/ssh/ssh_config):
$ cat /etc/ssh/ssh_config | egrep -v "^$|^#"
Host *
StrictHostKeyChecking no
SendEnv LANG LC_*
NoHostAuthenticationForLocalhost yes
- SSH command (server IP address changed):
ssh -vvv -F /dev/null [email protected] -p 41232
produces the following log:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /dev/null
debug2: resolving "12.215.24.089" port 41232
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 12.215.24.089 [12.215.24.089] port 41232.
debug1: Connection established.
debug1: identity file /home/saikat/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/saikat/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/saikat/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
ssh_exchange_identification: read: Connection reset by peer
- /var/log/auth.log on the server shows the following during the connection reset:
Jul 23 19:47:49 rohini sshd[3336]: debug3: fd 5 is not O_NONBLOCK
Jul 23 19:47:49 rohini sshd[3336]: debug1: Forked child 3725.
Jul 23 19:47:49 rohini sshd[3336]: debug3: send_rexec_state: entering fd = 8 config len 197
Jul 23 19:47:49 rohini sshd[3336]: debug3: ssh_msg_send: type 0
Jul 23 19:47:49 rohini sshd[3336]: debug3: send_rexec_state: done
Jul 23 19:47:49 rohini sshd[3725]: debug3: oom_adjust_restore
Jul 23 19:47:49 rohini sshd[3725]: debug1: Set /proc/self/oom_score_adj to 0
Jul 23 19:47:49 rohini sshd[3725]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 23 19:47:49 rohini sshd[3725]: debug1: inetd sockets after dupping: 3, 3
Jul 23 19:47:49 rohini sshd[3725]: Connection from 124.56.232.23 port 10400 on 12.215.24.089 port 41232
Jul 23 19:47:49 rohini sshd[3725]: debug1: Client protocol version 2.0; client software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
Jul 23 19:47:49 rohini sshd[3725]: debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 pat OpenSSH* compat 0x04000000
Jul 23 19:47:49 rohini sshd[3725]: debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Jul 23 19:47:49 rohini sshd[3725]: debug2: fd 3 setting O_NONBLOCK
Jul 23 19:47:49 rohini sshd[3725]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Jul 23 19:47:49 rohini sshd[3725]: debug2: Network child is on pid 3726
Jul 23 19:47:49 rohini sshd[3725]: debug3: preauth child monitor started
Jul 23 19:47:49 rohini sshd[3725]: debug3: privsep user:group 109:65534 [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug1: permanently_set_uid: 109/65534 [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug3: send packet: type 20 [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 23 19:47:49 rohini sshd[3725]: Connection reset by 124.56.232.23 port 10400 [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug1: do_cleanup [preauth]
Jul 23 19:47:49 rohini sshd[3725]: debug1: monitor_read_log: child log fd closed
Jul 23 19:47:49 rohini sshd[3725]: debug3: mm_request_receive entering
Jul 23 19:47:49 rohini sshd[3725]: debug1: do_cleanup
Jul 23 19:47:49 rohini sshd[3725]: debug1: Killing privsep child 3726
Jul 23 19:47:49 rohini sshd[3725]: debug1: audit_event: unhandled event 12
- tcpdump -i any -n -vvv src 124.56.232.23 on the server during the SSH attempt:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
11:35:00.268722 IP (tos 0x0, ttl 52, id 17296, offset 0, flags [DF], proto TCP (6), length 60)
124.56.232.23.10600 > 12.215.24.089.41232: Flags [S], cksum 0x1f12 (correct), seq 406486862, win 64240, options [mss 1460,sackOK,TS val 822851129 ecr 0,nop,wscale 7], length 0
11:35:00.276593 IP (tos 0x0, ttl 52, id 17297, offset 0, flags [DF], proto TCP (6), length 52)
124.56.232.23.10600 > 12.215.24.089.41232: Flags [.], cksum 0x9554 (correct), seq 406486863, ack 2004122924, win 502, options [nop,nop,TS val 822851138 ecr 1494508470], length 0
11:35:00.277541 IP (tos 0x0, ttl 52, id 17298, offset 0, flags [DF], proto TCP (6), length 94)
124.56.232.23.10600 > 12.215.24.089.41232: Flags [P.], cksum 0x6ecc (correct), seq 0:42, ack 1, win 502, options [nop,nop,TS val 822851139 ecr 1494508470], length 42
11:35:00.297736 IP (tos 0x0, ttl 117, id 18028, offset 0, flags [none], proto TCP (6), length 40)
124.56.232.23.10600 > 12.215.24.089.41232: Flags [R], cksum 0x07df (correct), seq 406486905, win 24862, length 0
^C
4 packets captured
5 packets received by filter
0 packets dropped by kernel
What I have tried / checked
- Restarting the server
- Restarting the client
- No entries in /etc/hosts.deny on the server
- Forcing IPv4, which did not help:
ssh -F /dev/null -4 [email protected] -p 41232
- Using the -i /dev/null flag
- One possibility is MTU fragmentation, which is discussed at length here. I tried several of the answers from that discussion, but none of them solved the problem. Specifically:
  - I tried adding Ciphers, MACs, HostKeyAlgorithms and other options to /etc/ssh/ssh_config
  - I tried changing the client's MTU on ens3 to 576, 1000 and 1280. The MTU on the server is 1500.
  - I also tried adding IPQoS lowdelay throughput to /etc/ssh/ssh_config
- I also cannot connect to the server via PuTTY.
Firewall
- Server settings:
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
41232/tcp ALLOW IN Anywhere # OpenSSH
80/tcp (Nginx HTTP) ALLOW IN Anywhere
443/tcp (Nginx HTTPS) ALLOW IN Anywhere
1313/tcp ALLOW IN Anywhere # Hugo Server
41232/tcp (v6) ALLOW IN Anywhere (v6) # OpenSSH
80/tcp (Nginx HTTP (v6)) ALLOW IN Anywhere (v6)
443/tcp (Nginx HTTPS (v6)) ALLOW IN Anywhere (v6)
1313/tcp (v6) ALLOW IN Anywhere (v6) # Hugo Server
- Client settings:
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
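One detail in the capture above is worth checking in any unexplained "Connection reset by peer" case: the client's SYN, ACK and PSH packets all arrive with ttl 52 and the DF flag set, while the RST arrives with ttl 117 and no DF flag. A reset produced by the same host's TCP stack would normally share the TTL of the rest of the flow, so a large TTL gap on the RST is a classic indicator that a device somewhere on the path, rather than the client, generated it. The following script is an added example, not part of the question or of OpenSSH: it parses tcpdump -vvv output and flags RST packets whose TTL differs from the TTL previously seen on the same flow. The sample input is the four packets from the capture above with tcpdump's usual indentation restored; the function names and the ttl_tolerance value are my own choices.

```python
import re

# Constructed sample: the four packets from the capture in the question above,
# with tcpdump -vvv's normal layout (an IP header line followed by an indented TCP line).
SAMPLE_CAPTURE = """\
11:35:00.268722 IP (tos 0x0, ttl 52, id 17296, offset 0, flags [DF], proto TCP (6), length 60)
    124.56.232.23.10600 > 12.215.24.089.41232: Flags [S], cksum 0x1f12 (correct), seq 406486862, win 64240, options [mss 1460,sackOK,TS val 822851129 ecr 0,nop,wscale 7], length 0
11:35:00.276593 IP (tos 0x0, ttl 52, id 17297, offset 0, flags [DF], proto TCP (6), length 52)
    124.56.232.23.10600 > 12.215.24.089.41232: Flags [.], cksum 0x9554 (correct), seq 406486863, ack 2004122924, win 502, options [nop,nop,TS val 822851138 ecr 1494508470], length 0
11:35:00.277541 IP (tos 0x0, ttl 52, id 17298, offset 0, flags [DF], proto TCP (6), length 94)
    124.56.232.23.10600 > 12.215.24.089.41232: Flags [P.], cksum 0x6ecc (correct), seq 0:42, ack 1, win 502, options [nop,nop,TS val 822851139 ecr 1494508470], length 42
11:35:00.297736 IP (tos 0x0, ttl 117, id 18028, offset 0, flags [none], proto TCP (6), length 40)
    124.56.232.23.10600 > 12.215.24.089.41232: Flags [R], cksum 0x07df (correct), seq 406486905, win 24862, length 0
"""

# IP header line: timestamp, TTL and IP flags are the fields we need.
IP_LINE = re.compile(
    r"^(?P<ts>\S+) IP \(tos \S+, ttl (?P<ttl>\d+), id \d+, offset \d+, "
    r"flags \[(?P<ipflags>[^\]]*)\]"
)
# TCP line: endpoints (host.port) and the TCP flag letters.
TCP_LINE = re.compile(r"^\s*(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]")


def parse_packets(text):
    """Pair each 'IP (...)' header line with the TCP line that follows it."""
    packets = []
    pending = None
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            pending = {"ts": m["ts"], "ttl": int(m["ttl"]), "df": "DF" in m["ipflags"]}
            continue
        m = TCP_LINE.match(line)
        if m and pending is not None:
            pending.update(src=m["src"], dst=m["dst"], flags=m["flags"])
            packets.append(pending)
            pending = None
    return packets


def find_suspicious_resets(packets, ttl_tolerance=2):
    """Return RST packets whose TTL differs from the TTL of earlier, non-RST
    packets on the same (src, dst) flow by more than ttl_tolerance hops.

    The baseline TTL is taken from the first non-RST packet of the flow. A
    small tolerance allows for minor path changes; a gap of dozens of hops
    means the RST almost certainly came from a different sender.
    """
    baseline = {}  # (src, dst) -> (ttl, df) of the first non-RST packet
    findings = []
    for p in packets:
        key = (p["src"], p["dst"])
        if "R" in p["flags"]:
            if key in baseline and abs(p["ttl"] - baseline[key][0]) > ttl_tolerance:
                findings.append({
                    "ts": p["ts"],
                    "flow": f"{p['src']} > {p['dst']}",
                    "rst_ttl": p["ttl"],
                    "flow_ttl": baseline[key][0],
                    # DF set on the flow but not on the RST is a second hint of a different sender.
                    "df_mismatch": baseline[key][1] != p["df"],
                })
        else:
            baseline.setdefault(key, (p["ttl"], p["df"]))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_resets(parse_packets(SAMPLE_CAPTURE)):
        print(f"{f['ts']} {f['flow']}: RST ttl={f['rst_ttl']} but flow ttl={f['flow_ttl']}"
              f" (DF mismatch: {f['df_mismatch']})")
```

Run it against a saved tcpdump -vvv capture by reading the file into parse_packets instead of SAMPLE_CAPTURE. A finding does not identify which device sent the reset, but it does tell you the client itself is an unlikely source, which shifts troubleshooting from the two hosts' sshd/ssh configuration and MTU settings toward the network path between them.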