不确定这里发生了什么,但与我的服务器的任何 SSH 连接都失败。昨天还有效,今天不行。
服务器:Centos 6.10 cPanel v86.0.18
客户端:使用 Putty SSH 的 Windows 系统
我在 Windows 机器上使用 Putty。我可以连接到端口 22 上的 IP。如果我输入错误的密码,它会再次提示我输入密码。如果我提供正确的密码,它要么只是关闭会话窗口,要么给我一个错误Server unexpectedly closed network connection
。在我的本地防火墙上,日志显示会话由于tcp-fin
数据包而结束 - 这意味着远程服务器关闭了会话。
在 cPanel 中,我使用该Terminal
应用程序来模拟控制台会话,并且可以获得 root 命令行:[root@sX-X-X-X ~]#
。然后我从那里 ssh 到自身:- 我收到此错误:ssh [email protected]
dup() in/out/err failed
我重新启动了 sshd,问题仍然存在。我可以做什么或查看什么来解决这个问题?
更新:
从提示符处运行此调试命令:
[[email protected] ~]# ssh -vvvo PreferredAuthentications=password [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 864 bytes for a total of 885
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 909
debug2: dh_gen_key: priv key bits set: 161/320
debug2: bits set: 1000/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1181
debug3: check_host_in_hostfile: host 166.62.85.95 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 166.62.85.95 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'X.X.X.X' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 1030/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1197
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1249
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug3: Wrote 84 bytes for a total of 1333
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred password
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
debug3: packet_send2: adding 48 (len 72 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1481
Segmentation fault
更新2:
我已经通过几个不同的用户帐户尝试过 ssh,甚至root
- 我对所有用户都得到相同的结果。这是用户输出信息:
$ grep userID /etc/passwd
$ userID:x:501:501::/home/userID:/bin/bash
$ ls -1 /proc/1121/fd | wc -l
4
$ cat /proc/sys/fs/file-max
262144
$ cat /proc/sys/fs/file-nr
139584 0 262144
$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/ploop34902p1 118G 14G 100G 12% /
none 2.0G 4.0K 2.0G 1% /dev
none 2.0G 0 2.0G 0% /dev/shm
重启也没有任何反应,仍然无法 ssh。
更新3:
从我的 SSH 日志来看,它接受密码,然后立即关闭会话:
Apr 21 11:44:09 sX.X.X.X sshd[23144]: Accepted password for myAdminID from 47.200.121.187 port 4283 ssh2
Apr 21 11:44:09 sX.X.X.X sshd[23144]: pam_unix(sshd:session): session opened for user myAdminID by (uid=0)
Apr 21 11:44:10 sX.X.X.X sshd[23144]: pam_unix(sshd:session): session closed for user myAdminID
答案1
我意识到这个问题是近一年前的问题,但我也遇到了这个问题,并且我发现这个问题在网上的其他地方流传。
要点是:
- 您正在运行 CentOS 6
- 你连接SSH服务器,客户端立即出现段错误,有时会吐出来
dup() in/out/err failed
- 日志显示连接成功并且客户端正在关闭连接。
发生的情况是您的服务器获得了错误的 OpenSSH 更新 - 5.3p1-269.el6.x86_64
您可以通过运行以下命令来验证这一点:
yum --showduplicates list openssh-server\*
您需要删除此版本,然后安装旧版本:
rpm -qa openssh*
rpm -e --nodeps openssh-server-5.3p1-269.el6.x86_64
rpm -e --nodeps openssh-5.3p1-269.el6.x86_64
rpm -e --nodeps openssh-clients-5.3p1-269.el6.x86_64
yum -y update openssh
就我而言,ssh 可执行文件也设置为不可变,检查标志I
:
lsattr /usr/sbin/sshd
然后取消设置:
chattr -i /usr/sbin/sshd
然后您可以手动重新安装 openssh-server:
yum install openssh
yum install openssh-server
yum install openssh-clients
我会重新启动,但你可以service sshd restart
版本现在应该是:
[root@server ~]# ssh -version
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
资料来源:
https://www.godaddy.com/community/VPS-Dedicated-Servers/SSH-accepting-connection-then-dropping-connection/mp/161332
https://forums.cpanel.net/threads/error-rexec-of-usr-sbin-sshd-failed-no-such-file-or-directory.678129/
https://forums.cpanel.net/threads/unable-to-ssh-or-sftp-able-to-access-whm.671209/