我在使用 sftp 时遇到了一些重大问题。目前我可以顺利地将文件传输到服务器或从服务器传输文件,但我实际上无法退出;输入exit或bye无法将我返回到我的 PC 外壳,而只是挂在那里。
komali{Void}:~ λ sftp -v [email protected]
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.68.111 [192.168.68.111] port 22.
debug1: Connection established.
....
Connected to 192.168.68.111.
sftp> # everything working
sftp> exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
(ctrl + c)
Interrupt
Interrupt
Interrupt
Interrupt
Interrupt
More full output with -v below
komali{Void}:~ λ sftp -v [email protected]
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.68.111 [192.168.68.111] port 22.
debug1: Connection established.
debug1: identity file /home/komali/.ssh/id_rsa type 0
debug1: identity file /home/komali/.ssh/id_rsa-cert type -1
debug1: identity file /home/komali/.ssh/id_ecdsa type -1
debug1: identity file /home/komali/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/komali/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/komali/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/komali/.ssh/id_ed25519 type -1
debug1: identity file /home/komali/.ssh/id_ed25519-cert type -1
debug1: identity file /home/komali/.ssh/id_ed25519_sk type -1
debug1: identity file /home/komali/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/komali/.ssh/id_xmss type -1
debug1: identity file /home/komali/.ssh/id_xmss-cert type -1
debug1: identity file /home/komali/.ssh/id_dsa type -1
debug1: identity file /home/komali/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u7
debug1: compat_banner: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH_7.4* compat 0x04000006
debug1: Authenticating to 192.168.68.111:22 as 'komali'
debug1: load_hostkeys: fopen /home/komali/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:DDC3lEDZrZUU8ie5x9drI6qs9sEr8HG1Dcgj6QVmIRc
debug1: load_hostkeys: fopen /home/komali/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.68.111' is known and matches the ED25519 host key.
debug1: Found key in /home/komali/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/komali/.ssh/id_rsa RSA SHA256:J640EIUDOZpZ6kf33Cdr9dJ7XAFMNznSu6zRnEJPuT4
debug1: Will attempt key: /home/komali/.ssh/id_ecdsa
debug1: Will attempt key: /home/komali/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/komali/.ssh/id_ed25519
debug1: Will attempt key: /home/komali/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/komali/.ssh/id_xmss
debug1: Will attempt key: /home/komali/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/komali/.ssh/id_rsa RSA SHA256:J640EIUDOZpZ6kf33Cdr9dJ7XAFMNznSu6zRnEJPuT4
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/komali/.ssh/id_ecdsa
debug1: Trying private key: /home/komali/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/komali/.ssh/id_ed25519
debug1: Trying private key: /home/komali/.ssh/id_ed25519_sk
debug1: Trying private key: /home/komali/.ssh/id_xmss
debug1: Trying private key: /home/komali/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
Authenticated to 192.168.68.111 ([192.168.68.111]:22) using "password".
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: client_input_hostkeys: searching /home/komali/.ssh/known_hosts for 192.168.68.111 / (none)
debug1: client_input_hostkeys: searching /home/komali/.ssh/known_hosts2 for 192.168.68.111 / (none)
debug1: client_input_hostkeys: hostkeys file /home/komali/.ssh/known_hosts2 does not exist
debug1: Sending subsystem: sftp
debug1: client_global_hostkeys_private_confirm: server used untrusted RSA signature algorithm ssh-rsa for key 0, disregarding
debug1: update_known_hosts: known hosts file /home/komali/.ssh/known_hosts2 does not exist
Connected to 192.168.68.111.
sftp> # everything working
sftp> exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
(ctrl + c)
Interrupt
Interrupt
Interrupt
Interrupt
Interrupt
ssh 按预期工作。
我退出的唯一方法是手动终止 sftp 进程,我不想依赖它,因为我有脚本可以自动将文件传输到服务器和从服务器传输。我的服务器(以前是 Laptop)正在运行 Debian WSL1 实例,直到今天早上都运行良好。我可以正常地通过 sftp 进入我的 Raspberry Pi,但也无法从那里通过 sftp 进入服务器。我不知道发生了什么,所以如果有人有任何建议,我很乐意听取。我也不确定要添加什么,所以如果需要任何进一步的信息,我会编辑这篇文章。谢谢!
答案1
假设
服务器使用某种包装器sftp-server(或替代品),异步运行某些操作,不会在您期望时终止。此额外进程的标准输出连接到sftp-server使用的同一管道;该进程是静默的,不会破坏协议,但在退出后保持管道打开sftp-server。
看这个答案:
sshd确实等待启动用户登录 shell 的进程,但同时,在该进程终止后,等待 stdout 管道上的 eof(至少在 openssh 的情况下不是 stderr 管道)。并且,当管道的写入端没有任何进程打开文件描述符时,就会发生 eof,这种情况通常仅当所有未将其 stdout 重定向到其他位置的进程都消失时才会发生。
概念验证
/etc/ssh/sshd_config在中配置了 OpenSSH 服务器
subsystem sftp sleep 15 & /usr/lib/openssh/sftp-server
如果您在 15 秒内输入内容,将重复您描述的行为exit。连接将持续至少 15 秒。
就像链接的答案所述,这与 stdout 有关。将额外进程的 stdout 重定向到其他地方就足够了,问题就解决了:
subsystem sftp sleep 15 >/dev/null & /usr/lib/openssh/sftp-server
(如果您想在 SSH 服务器中测试这一点,请记住在编辑文件后需要重新加载服务;例如sudo systemctl reload sshd.service。)
结论
如果假设正确,问题出在服务器上。额外的进程可能不是sleep,但这是问题。如果你可以重新配置服务器,那么也许你可以修复它:
- 首先不要启动任何额外的进程
- 或者通过重定向额外进程的标准输出
- 或者通过(某种方式)使额外的进程在
sftp-server终止时终止。
如果假设正确,我认为没有简单的客户端解决方案。
但是我不知道是什么原因导致 Debian WSL1 实例开始自行出现这种行为。也许这与 SSH 服务器本身无关。任何设法打开相关管道进行写入的服务器端进程都可能是罪魁祸首。它不一定是 SSH 服务器的后代,它可能是一个恶意进程。