CentOS: SSH connects, but SFTP cannot connect

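I tried to connect to my server using SFTP, but the connection failed.

I can connect to the server over SSH.

When I change the SSH port back to 22, SFTP can connect.

Here is the client log: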

OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /c/Users/yesio/.ssh/config        
debug1: /c/Users/yesio/.ssh/config line 1: Applying options for fiber
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22235.
debug1: Connection established.
debug1: identity file /c/Users/yesio/.ssh/id_rsa type 0      
debug1: identity file /c/Users/yesio/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000 
debug1: Authenticating to xx.xx.xx.xx:22235 as 'yesion'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:i6dFte6Qbej2zrNoB0dfjGWE6aAMExv1aE8NG9JQx/E
debug1: checking without port identifier
debug1: Host 'xx.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/yesio/.ssh/known_hosts:12
debug1: found matching key w/out port
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/yesio/.ssh/id_rsa RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg explicit        
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/yesio/.ssh/id_rsa RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg explicit     
debug1: Server accepts key: /c/Users/yesio/.ssh/id_rsa RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg explicit
debug1: Authentication succeeded (publickey).
Authenticated to xx.xx.xx.xx ([xx.xx.xx.xx]:22235).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Remote: /home/yesion/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/yesion/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending subsystem: sftp
client_loop: send disconnect: Connection reset by peer
Connection closed

Here is my server log:

May 17 15:44:45 fiber sshd[2804]: debug1: Forked child 2809.
May 17 15:44:45 fiber sshd[2809]: debug1: Set /proc/self/oom_score_adj to 0
May 17 15:44:45 fiber sshd[2809]: debug1: rexec start in 7 out 7 newsock 7 pipe 9 sock 10
May 17 15:44:45 fiber sshd[2809]: debug1: inetd sockets after dupping: 5, 5
May 17 15:44:45 fiber sshd[2809]: Connection from xx.xx.xx.xx port 7387 on xx.xx.xx.xx port 22235
May 17 15:44:45 fiber sshd[2809]: debug1: Local version string SSH-2.0-OpenSSH_8.0
May 17 15:44:45 fiber sshd[2809]: debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3
May 17 15:44:45 fiber sshd[2809]: debug1: match: OpenSSH_8.3 pat OpenSSH* compat 0x04000000
May 17 15:44:45 fiber sshd[2809]: debug1: SELinux support enabled [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: ssh_selinux_change_context: setting context from 'system_u:system_r:sshd_t:s0-s0:c0.c1023' to 'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: permanently_set_uid: 74/74 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: algorithm: curve25519-sha256 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: rekey out after 134217728 blocks [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]      
May 17 15:44:45 fiber sshd[2809]: debug1: SSH2_MSG_NEWKEYS received [preauth]       
May 17 15:44:45 fiber sshd[2809]: debug1: rekey in after 134217728 blocks [preauth] 
May 17 15:44:45 fiber sshd[2809]: debug1: KEX done [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: userauth-request for user yesion service ssh-connection method none [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: attempt 0 failures 0 [preauth]
May 17 15:44:45 fiber sshd[2809]: debug1: PAM: initializing for "yesion"
May 17 15:44:45 fiber sshd[2809]: debug1: PAM: setting PAM_RHOST to "xx.xx.xx.xx"
May 17 15:44:45 fiber sshd[2809]: debug1: PAM: setting PAM_TTY to "ssh"
May 17 15:44:46 fiber sshd[2809]: debug1: userauth-request for user yesion service ssh-connection method publickey [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: attempt 1 failures 0 [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
May 17 15:44:46 fiber sshd[2809]: debug1: trying public key file /home/yesion/.ssh/authorized_keys
May 17 15:44:46 fiber sshd[2809]: debug1: fd 11 clearing O_NONBLOCK
May 17 15:44:46 fiber sshd[2809]: debug1: /home/yesion/.ssh/authorized_keys:3: matching key found: RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg
May 17 15:44:46 fiber sshd[2809]: debug1: /home/yesion/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
May 17 15:44:46 fiber sshd[2809]: Accepted key RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg found at /home/yesion/.ssh/authorized_keys:3
May 17 15:44:46 fiber sshd[2809]: debug1: restore_uid: 0/0
May 17 15:44:46 fiber sshd[2809]: Postponed publickey for yesion from xx.xx.xx.xx port 7387 ssh2 [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: userauth-request for user yesion service ssh-connection method publickey [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: attempt 2 failures 0 [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
May 17 15:44:46 fiber sshd[2809]: debug1: trying public key file /home/yesion/.ssh/authorized_keys
May 17 15:44:46 fiber sshd[2809]: debug1: fd 11 clearing O_NONBLOCK
May 17 15:44:46 fiber sshd[2809]: debug1: /home/yesion/.ssh/authorized_keys:3: matching key found: RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg
May 17 15:44:46 fiber sshd[2809]: debug1: /home/yesion/.ssh/authorized_keys:3: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
May 17 15:44:46 fiber sshd[2809]: Accepted key RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg found at /home/yesion/.ssh/authorized_keys:3
May 17 15:44:46 fiber sshd[2809]: debug1: restore_uid: 0/0
May 17 15:44:46 fiber sshd[2809]: debug1: auth_activate_options: setting new authentication options
May 17 15:44:46 fiber sshd[2809]: debug1: do_pam_account: called
May 17 15:44:46 fiber sshd[2809]: Accepted publickey for yesion from xx.xx.xx.xx port 7387 ssh2: RSA SHA256:ZCv3gRTiBBRt4yLSUVnk16NCDHp/FB6cMGPvFbUaytg
May 17 15:44:46 fiber sshd[2809]: debug1: monitor_child_preauth: yesion has been authenticated by privileged process        
May 17 15:44:46 fiber sshd[2809]: debug1: auth_activate_options: setting new authentication options [preauth]
May 17 15:44:46 fiber sshd[2809]: debug1: monitor_read_log: child log fd closed
May 17 15:44:46 fiber sshd[2809]: debug1: audit_event: unhandled event 2
May 17 15:44:46 fiber sshd[2809]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
May 17 15:44:46 fiber sshd[2809]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
May 17 15:44:46 fiber sshd[2809]: debug1: restore_uid: 0/0
May 17 15:44:46 fiber sshd[2809]: debug1: SELinux support enabled
May 17 15:44:46 fiber sshd[2809]: debug1: PAM: establishing credentials
May 17 15:44:46 fiber systemd[2813]: pam_unix(systemd-user:session): session opened for user yesion by (uid=0)
May 17 15:44:46 fiber sshd[2809]: pam_unix(sshd:session): session opened for user yesion by (uid=0)
May 17 15:44:46 fiber sshd[2809]: User child is on pid 2823
May 17 15:44:46 fiber sshd[2823]: debug1: PAM: establishing credentials
May 17 15:44:46 fiber sshd[2823]: debug1: permanently_set_uid: 1000/1000
May 17 15:44:46 fiber sshd[2823]: debug1: rekey in after 134217728 blocks
May 17 15:44:46 fiber sshd[2823]: debug1: rekey out after 134217728 blocks
May 17 15:44:46 fiber sshd[2823]: debug1: ssh_packet_set_postauth: called
May 17 15:44:46 fiber sshd[2823]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding  
May 17 15:44:46 fiber sshd[2823]: debug1: Entering interactive session for SSH2.
May 17 15:44:46 fiber sshd[2823]: debug1: server_init_dispatch
May 17 15:44:46 fiber sshd[2823]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
May 17 15:44:46 fiber sshd[2823]: debug1: input_session_request
May 17 15:44:46 fiber sshd[2823]: debug1: channel 0: new [server-session]
May 17 15:44:46 fiber sshd[2823]: debug1: session_new: session 0
May 17 15:44:46 fiber sshd[2823]: debug1: session_open: channel 0
May 17 15:44:46 fiber sshd[2823]: debug1: session_open: session 0: link with channel 0
May 17 15:44:46 fiber sshd[2823]: debug1: server_input_channel_open: confirm session
May 17 15:44:46 fiber sshd[2823]: debug1: server_input_global_request: rtype [email protected] want_reply 0      
May 17 15:44:46 fiber sshd[2823]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
May 17 15:44:46 fiber sshd[2823]: debug1: session_by_channel: session 0 channel 0
May 17 15:44:46 fiber sshd[2823]: debug1: session_input_channel_req: session 0 req subsystem
May 17 15:44:46 fiber sshd[2823]: debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
May 17 15:44:46 fiber sshd[2823]: Starting session: subsystem 'sftp' for yesion from xx.xx.xx.xx port 7387 id 0
May 17 15:44:46 fiber sshd[2809]: debug1: session_new: session 0
May 17 15:45:06 fiber sshd[2823]: Read error from remote host xx.xx.xx.xx port 7387: Connection reset by peer
May 17 15:45:06 fiber sshd[2823]: debug1: do_cleanup
May 17 15:45:06 fiber sshd[2809]: debug1: do_cleanup
May 17 15:45:06 fiber sshd[2809]: debug1: PAM: cleanup
May 17 15:45:06 fiber sshd[2809]: debug1: PAM: closing session
May 17 15:45:06 fiber sshd[2809]: pam_unix(sshd:session): session closed for user yesion
May 17 15:45:06 fiber sshd[2809]: debug1: PAM: deleting credentials

My sshd_config is:

#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22235
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).      

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel DEBUG

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
