这让我困惑不已,希望有人可以澄清一下。
我有一个本地服务器 LOCALSRV 和远程服务器(Ubuntu 20.04)REMOTESRV。
在本地服务器上,我建立了一个反向 ssh 隧道,通过运行以下命令将 LOCALSRV 端口 5555 转发到 REMOTESRV 端口 7777autossh
在启动时运行,将 LOCALSRV 端口 5555 转发到 REMOTESRV 端口 7777,使用无密码密钥认证:
/opt/sbin/autossh -M 51501 -f \
my_tnl_user@REMOTESRV \
-p 51500 -NT -i /path/to/mykey_id_rsa \
-o "ExitOnForwardFailure=yes" \
-o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
-R 7777:127.0.0.1:5555
当我昨晚开始这个时,一切都运行正常;所以sudo journalctl -t sshd
从那个时间(大约 18 点)开始 REMOTESRV 报告:
Nov 18 18:09:51 REMOTESRV sshd[29058]: Disconnected from user my_tnl_user LOCALSRV_PUB_IP port 48109
Nov 18 18:09:51 REMOTESRV sshd[28990]: pam_unix(sshd:session): session closed for user my_tnl_user
Nov 18 18:17:49 REMOTESRV sshd[29127]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 50641 ssh2: R>
Nov 18 18:17:49 REMOTESRV sshd[29127]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
足够好了;所以我今天早上检查了所有东西,但什么都没用。LOCALSRVautossh
上的日志信息不太丰富(我忘了使用AUTOSSH_DEBUG=1
):
...
2021/11/18 18:17:49 autossh[13408]: starting ssh (count 1)
2021/11/18 18:17:49 autossh[13408]: ssh child pid is 13409
2021/11/18 22:58:06 autossh[13408]: timeout polling to accept read connection
2021/11/18 22:58:06 autossh[13408]: port down, restarting ssh
2021/11/18 22:58:06 autossh[13408]: starting ssh (count 2)
2021/11/18 22:58:06 autossh[13408]: ssh child pid is 17556
2021/11/18 22:58:07 autossh[13408]: ssh exited with error status 255; restarting ssh
2021/11/18 22:58:07 autossh[13408]: starting ssh (count 3)
2021/11/18 22:58:07 autossh[13408]: ssh child pid is 17557
2021/11/18 22:58:07 autossh[13408]: ssh exited with error status 255; restarting ssh
# this then repeats all the way to end, with differing PIDs:
2021/11/18 22:58:07 autossh[13408]: starting ssh (count 4)
2021/11/18 22:58:07 autossh[13408]: ssh child pid is 17559
2021/11/18 22:58:07 autossh[13408]: ssh exited with error status 255; restarting ssh
...
因此,我无法判断在 22:58 点可能发生了什么,导致“超时轮询接受读取连接”和“端口关闭,重新启动 ssh”(这些字符串在该日志中唯一出现)。
因此,我研究了sudo journalctl -t sshd
REMOTESRV(为便于阅读添加了换行符):
...
Nov 18 18:17:49 REMOTESRV sshd[29127]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 50641 ssh2: R>
Nov 18 18:17:49 REMOTESRV sshd[29127]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
Nov 18 22:58:06 REMOTESRV sshd[29920]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 57231 ssh2: R>
Nov 18 22:58:06 REMOTESRV sshd[29920]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
Nov 18 22:58:07 REMOTESRV sshd[30003]: error: bind [127.0.0.1]:51501: Address already in use
Nov 18 22:58:07 REMOTESRV sshd[30003]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 51501
Nov 18 22:58:07 REMOTESRV sshd[30003]: error: bind [127.0.0.1]:7777: Address already in use
Nov 18 22:58:07 REMOTESRV sshd[30003]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 7777
Nov 18 22:58:07 REMOTESRV sshd[29920]: pam_unix(sshd:session): session closed for user my_tnl_user
Nov 18 22:58:07 REMOTESRV sshd[30004]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 57232 ssh2: R>
Nov 18 22:58:07 REMOTESRV sshd[30004]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
...
好的,所以在这里我们可以看到“bind:地址已经在使用中”和“错误:channel_setup_fwd_listener_tcpip:无法监听端口” - 我不知道为什么会发生这种情况; 我发现最接近的是这个:
- https://askubuntu.com/questions/903866/multiple-port-forwarding-gives-bind-address-already-in-use
- https://serverfault.com/questions/1014401/ssh-reverse-port-forward-disconnects-each-10-minutes
就我的情况而言,出现此行为是由于两台计算机同时连接到具有相同 autossh 监控端口 (-M) 的服务器导致的。
如果客户端在服务器端连接终止之前重新连接,则可能会出现新的 ssh 连接处于活动状态,但没有端口转发的情况。为了避免这种情况,您需要
ExitOnForwardFailure
在客户端使用关键字。
呃,但是我已经用过它了,不是吗?
现在,这是最棘手的部分——在 REMOTESRV 上的上述日志片段之后sudo journalctl -t sshd
,这会重复一段时间:
...
Nov 18 22:58:07 REMOTESRV sshd[30004]: pam_unix(sshd:session): session closed for user my_tnl_user
Nov 18 22:58:07 REMOTESRV sshd[30066]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 57233 ssh2: R>
Nov 18 22:58:07 REMOTESRV sshd[30066]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
Nov 18 22:58:08 REMOTESRV sshd[30127]: error: bind [127.0.0.1]:51501: Address already in use
Nov 18 22:58:08 REMOTESRV sshd[30127]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 51501
Nov 18 22:58:08 REMOTESRV sshd[30127]: error: bind [127.0.0.1]:7777: Address already in use
Nov 18 22:58:08 REMOTESRV sshd[30127]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 7777
...
...然后,它像这样结束(为便于阅读添加了空格):
...
Nov 18 22:59:11 REMOTESRV sshd[30500]: pam_unix(sshd:session): session closed for user my_tnl_user
Nov 18 23:00:01 REMOTESRV sshd[30562]: Accepted publickey for my_tnl_user from LOCALSRV_PUB_IP port 57263 ssh2: R>
Nov 18 23:00:01 REMOTESRV sshd[30562]: pam_unix(sshd:session): session opened for user my_tnl_user by (uid=0)
Nov 18 23:00:01 REMOTESRV sshd[30623]: error: bind [127.0.0.1]:51501: Address already in use
Nov 18 23:00:01 REMOTESRV sshd[30623]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 51501
Nov 18 23:00:01 REMOTESRV sshd[30623]: error: bind [127.0.0.1]:7777: Address already in use
Nov 18 23:00:01 REMOTESRV sshd[30623]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 7777
Nov 18 23:00:01 REMOTESRV sshd[30562]: pam_unix(sshd:session): session closed for user my_tnl_user
Nov 18 23:01:13 REMOTESRV sshd[30624]: Failed password for my_tnl_user from LOCALSRV_PUB_IP port 57286 ssh2
Nov 18 23:01:13 REMOTESRV sshd[30624]: Failed password for my_tnl_user from LOCALSRV_PUB_IP port 57286 ssh2
Nov 18 23:01:13 REMOTESRV sshd[30624]: Connection closed by authenticating user my_tnl_user LOCALSRV_PUB_IP port >
Nov 18 23:02:51 REMOTESRV sshd[30627]: Failed password for my_tnl_user from LOCALSRV_PUB_IP port 57294 ssh2
Nov 18 23:02:51 REMOTESRV sshd[30627]: Failed password for my_tnl_user from LOCALSRV_PUB_IP port 57294 ssh2
Nov 18 23:02:52 REMOTESRV sshd[30627]: Connection closed by authenticating user my_tnl_user LOCALSRV_PUB_IP port >
...
因此,REMOTESRV 突然开始要求输入用户 my_tnl_user 的 ssh 密码 - 即使最初已将其设置为无密码密钥认证登录,确实工作正常?!
这到底是怎么回事?
事情是这样的:我实际上无权访问 LOCALSRV,但autossh
仍然在那里运行,并尝试连接到服务器。
我确实在今天早上(11 月 19 日)重新启动了 REMOTESRV,并且autossh
已经在 LOCALSRV 上尝试连接它多次 - 但每次都失败,因为它尝试使用密钥认证,而 REMOTESRV 一直要求输入密码,并且认证失败。
有人能解释一下发生了什么吗?我能在 REMOTESRV 上做什么吗?如果可以,该怎么做?让它再次接受来自 LOCALSRV 的密钥认证,而无需输入密码,这样我就能再次拥有一个可用的 ssh 反向隧道了?!