Edit:
With sshd put in debug3 mode, the result is as follows:
lug 08 11:56:15 huaweipc sshd[113871]: Accepted publickey for paolo from 127.0.0.1 port 37762 ssh2: ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI
lug 08 11:56:15 huaweipc sshd[113871]: debug1: monitor_child_preauth: user paolo authenticated by privileged process
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_get_keystate: Waiting for new keys
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_receive_expect: entering, type 26
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_receive: entering
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_get_keystate: GOT new keys
lug 08 11:56:15 huaweipc sshd[113871]: debug1: auth_activate_options: setting new authentication options [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: ensure_minimum_time_since: elapsed 7.204ms, delaying 6.530ms (requested 6.867ms) [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_do_pam_account entering [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_send: entering, type 102 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_receive_expect: entering, type 103 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_receive: entering [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_do_pam_account returning 1 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: send packet: type 52 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_request_send: entering, type 26 [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug3: mm_send_keystate: Finished sending state [preauth]
lug 08 11:56:15 huaweipc sshd[113871]: debug1: monitor_read_log: child log fd closed
lug 08 11:56:15 huaweipc sshd[113871]: debug3: ssh_sandbox_parent_finish: finished
lug 08 11:56:15 huaweipc sshd[113871]: debug1: PAM: establishing credentials
lug 08 11:56:15 huaweipc sshd[113871]: debug3: PAM: opening session
lug 08 11:56:15 huaweipc sshd[113871]: debug2: do_pam_session: auth information in SSH_AUTH_INFO_0
lug 08 11:56:15 huaweipc sshd[113871]: pam_unix(sshd:session): session opened for user paolo(uid=1000) by (uid=0)
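What happens after authentication? Nothing?
I have an xubuntu PC that I cannot connect to with ssh. Whether from another host or from itself (using ssh localhost), the authentication process goes fine, but ssh ends with a timeout message.
In verbose mode I get: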
$ ssh -vvv localhost
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/paolo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/paolo/.ssh/known_hosts2'
debug2: resolving "localhost" port 22
debug3: resolve_host: lookup localhost:22
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [127.0.0.1] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/paolo/.ssh/id_rsa type 0
debug1: identity file /home/paolo/.ssh/id_rsa-cert type -1
debug1: identity file /home/paolo/.ssh/id_ecdsa type -1
debug1: identity file /home/paolo/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/paolo/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/paolo/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/paolo/.ssh/id_ed25519 type 3
debug1: identity file /home/paolo/.ssh/id_ed25519-cert type -1
debug1: identity file /home/paolo/.ssh/id_ed25519_sk type -1
debug1: identity file /home/paolo/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/paolo/.ssh/id_xmss type -1
debug1: identity file /home/paolo/.ssh/id_xmss-cert type -1
debug1: identity file /home/paolo/.ssh/id_dsa type -1
debug1: identity file /home/paolo/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'paolo'
debug3: record_hostkey: found key type ED25519 in file /home/paolo/.ssh/known_hosts:38
debug3: load_hostkeys_file: loaded 1 keys from localhost
debug1: load_hostkeys: fopen /home/paolo/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:PlciRlNWPOvPo2QAexfRn+Le/6tfdKK0RsFbqLsVsNs
debug3: record_hostkey: found key type ED25519 in file /home/paolo/.ssh/known_hosts:38
debug3: load_hostkeys_file: loaded 1 keys from localhost
debug1: load_hostkeys: fopen /home/paolo/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /home/paolo/.ssh/known_hosts:38
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/paolo/.ssh/id_ed25519 ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI agent
debug1: Will attempt key: /home/paolo/.ssh/id_rsa RSA SHA256:afMET60oaKoVI/jQUYhR/jBkouvf3KPnieBEUQH0V98 agent
debug1: Will attempt key: /home/paolo/.ssh/id_ecdsa
debug1: Will attempt key: /home/paolo/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/paolo/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/paolo/.ssh/id_xmss
debug1: Will attempt key: /home/paolo/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/paolo/.ssh/id_ed25519 ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/paolo/.ssh/id_ed25519 ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI agent
debug3: sign_and_send_pubkey: using [email protected] with ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to localhost ([127.0.0.1]:22) using "publickey".
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
Every 1 minute a line is added:
debug3: send packet: type 80
The keyboard produces nothing on the screen. Ctrl-C does not interrupt ssh.
After three of these lines, I get
Timeout, server localhost not responding.
The sshd configuration is the default one, taken from /usr/share/openssh/sshd_config
sshd is active and running on port 22:
$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2023-07-08 10:33:51 AST; 14min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 85624 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 85626 (sshd)
Tasks: 1 (limit: 8138)
Memory: 4.5M
CPU: 102ms
CGroup: /system.slice/ssh.service
└─85626 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
lug 08 10:33:51 huaweipc systemd[1]: Stopped OpenBSD Secure Shell server.
lug 08 10:33:51 huaweipc systemd[1]: Starting OpenBSD Secure Shell server...
lug 08 10:33:51 huaweipc sshd[85626]: Server listening on 0.0.0.0 port 22.
lug 08 10:33:51 huaweipc systemd[1]: Started OpenBSD Secure Shell server.
lug 08 10:43:39 huaweipc sshd[92280]: Accepted publickey for paolo from 127.0.0.1 port 42416 ssh2: ED25519 SHA256:T6Dhpm0IYGrxJqUHUR7I44gdnrbBnPVET/DRC6wxaOI
lug 08 10:43:39 huaweipc sshd[92280]: pam_unix(sshd:session): session opened for user paolo(uid=1000) by (uid=0)
$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
$ netstat -l | grep ssh
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 80364 /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 396671 /tmp/ssh-XXXXXXFoIlQu/agent.35350
unix 2 [ ACC ] STREAM LISTENING 80533 /run/user/1000/keyring/ssh
unix 2 [ ACC ] STREAM LISTENING 102555 /run/user/1000/keyring/.ssh
No firewall is blocking:
$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ sudo ufw status
State: inactive
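Connecting to this PC from another PC produces the same timeout behaviour.
What is this timeout?
I have another xubuntu PC with (apparently) the same configuration, and everything works fine there.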
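
Added example, not part of the original post: a small Python helper that reads an `ssh -vvv` client trace by SSH message number (RFC 4250-4254) and reports the last packet received and every packet sent after it without a reply. The function name `find_stall` is hypothetical, and the sample is abridged from the trace above with the three repeated keepalive lines written out as the post describes them.

```python
import re

# SSH message numbers (RFC 4250-4254) that occur in the trace above.
MSG = {5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT", 7: "EXT_INFO",
       20: "KEXINIT", 21: "NEWKEYS", 30: "KEX_ECDH_INIT", 31: "KEX_ECDH_REPLY",
       50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS",
       60: "USERAUTH_PK_OK", 80: "GLOBAL_REQUEST", 90: "CHANNEL_OPEN",
       91: "CHANNEL_OPEN_CONFIRMATION", 92: "CHANNEL_OPEN_FAILURE"}

PACKET = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def find_stall(log_text):
    """Summarise where an `ssh -vvv` trace stops receiving replies."""
    events = [(m.group(1), int(m.group(2))) for m in PACKET.finditer(log_text)]
    # Index of the last packet the client received; -1 if it never received one.
    last_rx = max((i for i, (d, _) in enumerate(events) if d == "receive"),
                  default=-1)
    unanswered = [t for d, t in events[last_rx + 1:] if d == "send"]
    return {
        "last_received": MSG.get(events[last_rx][1]) if last_rx >= 0 else None,
        "unanswered": [MSG.get(t, str(t)) for t in unanswered],
        "authenticated": ("receive", 52) in events,
        "channel_confirmed": ("receive", 91) in events,
        # "Timeout, server ... not responding." is the client giving up
        # after its keepalive requests went unanswered.
        "timed_out": "Timeout, server" in log_text,
    }

# Constructed sample: tail of the client trace in the post, abridged.
SAMPLE = """\
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to localhost ([127.0.0.1]:22) using "publickey".
debug2: channel 0: send open
debug3: send packet: type 90
debug3: send packet: type 80
debug1: Entering interactive session.
debug3: send packet: type 80
debug3: send packet: type 80
debug3: send packet: type 80
Timeout, server localhost not responding.
"""

if __name__ == "__main__":
    for key, value in find_stall(SAMPLE).items():
        print(f"{key}: {value}")
```

On this trace the last packet received is USERAUTH_SUCCESS and the CHANNEL_OPEN is never confirmed, which matches the server log stopping right after `pam_unix(sshd:session): session opened`: the stall is after authentication, during session setup.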