尝试从本地网络外部获取对 Windows 计算机的 SSH 访问权限时,远程主机突然终止连接

tag-icon tag-icon networking ssh powershell firewall openssh
尝试从本地网络外部获取对 Windows 计算机的 SSH 访问权限时,远程主机突然终止连接

我有一台 Windows 计算机,我想从家庭网络外部获取对其 powershell 的 ssh 访问权限。为此,我在路由器上打开了一个 TCP 端口,并设置了自动转发到我想要连接的计算机(界面由谷歌翻译):

在此处输入图片描述

然后,我在目标计算机的防火墙中创建了一条规则:

netsh advfirewall firewall add rule name="ps_ssh" dir=in action=allow  protocol=TCP localport=<port_number>

然后我在 powershell 管理窗口中安装并启用了 ssh:

  Add-WindowsCapability -Online -Name OpenSSH.Server
  Start-Service sshd
  Set-Service -Name sshd -StartupType 'Automatic'

然后我修改了我的%ProgramData%/ssh/sshd_config文件以反映以下选项:

ListenAddress 0.0.0.0
LogLevel DEBUG3
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# AuthorizedKeysFile .ssh/authorized_keys
Subsystem   sftp    sftp-server.exe
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

然后我将~/.ssh/ed25519.pub文件从我想从外部连接的计算机复制到如下行C:\Users\<username>\.ssh\authorized_keys

ssh-ed25519 <hash> <user_name>

以换行符结尾。

然而,当我尝试从外部连接到目标电脑时,我得到了

$ ssh -vvv -i ~/.ssh/id_ed25519 <my_global_ip> -p 22
OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <my_global_ip> is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/snkr/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/snkr/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to <my_global_ip> [<my_global_ip>] port <port_number>.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/snkr/.ssh/id_ed25519 type 3
debug1: identity file /home/snkr/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
kex_exchange_identification: read: Connection reset by peer
Connection reset by <my_global_ip> port <port_number>

ssh-keyscan表明我们甚至无法获取公钥:

$ ssh-keyscan -H <my_global_ip>
<my_global_ip>: Connection closed by remote host
<my_global_ip>: Connection closed by remote host
<my_global_ip>: Connection closed by remote host
<my_global_ip>: Connection closed by remote host
<my_global_ip>: Connection closed by remote host

Ping<my_global_ip>可以工作,但是 telnet 的连接也立即中止:

$ telnet <my_global_ip>
Trying <my_global_ip>...
Connected to <my_global_ip>.
Escape character is '^]'.
Connection closed by foreign host.

如果我们查看 Windows EventViewer 中的 OpenSSH 日志,则不会记录任何连接尝试的痕迹,只有我们运行时的实例Restart-Service sshd。这让我怀疑 Windows 防火墙导致了问题,但暂时禁用它也无法解决上述任何问题。

在给定的设置中,我们到底缺少了什么?

相关内容