![网络扫描仪的 ssh/sftp 设置期间 SSH“连接被 XXX [preauth] 关闭”](https://linux22.com/image/210033/%E7%BD%91%E7%BB%9C%E6%89%AB%E6%8F%8F%E4%BB%AA%E7%9A%84%20ssh%2Fsftp%20%E8%AE%BE%E7%BD%AE%E6%9C%9F%E9%97%B4%20SSH%E2%80%9C%E8%BF%9E%E6%8E%A5%E8%A2%AB%20XXX%20%5Bpreauth%5D%20%E5%85%B3%E9%97%AD%E2%80%9D.png)
在我的本地 LAN 上,我尝试设置一个用于网络扫描的 sftp 共享,在与我的笔记本电脑连接ssh/sftp从我的笔记本电脑连接时,它按预期工作。
奇怪的是,在尝试为我的网络扫描仪设置连接时,我在扫描仪的 Web 管理工具中收到错误消息“身份验证错误”。经过检查,我发现连接已被 192.168.178.44 端口 52786 [preauth] 关闭在 ssh 服务器日志上。
由于日志充满了有关密钥交换的消息,我假设客户端可能使用不寻常的密钥类型,但我对此的了解有限。有没有办法通过编辑 sshd_config 在服务器端启用连接?安全方面有何影响?特别是与普通 FTP 相比。
我的 SSH 服务器配置几乎是默认的。我在 RaspberryPi (192.168.178.100) 的端口 2022 上运行 openssh。
journalctl -xe尝试从网络扫描仪(192.168.178.44,Brother ADS-4300N)连接时的附加日志:
Aug 29 20:41:42 Nas sshd[6319]: Connection from 192.168.178.44 port 52786 on 192.168.178.100 port 2022 rdomain ""
Aug 29 20:41:42 Nas sshd[6319]: debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Raspbian-5+deb11u1
Aug 29 20:41:42 Nas sshd[6319]: debug1: Remote protocol version 2.0, remote software version libssh2_1.9.0
Aug 29 20:41:42 Nas sshd[6319]: debug1: no match: libssh2_1.9.0
Aug 29 20:41:42 Nas sshd[6319]: debug2: fd 4 setting O_NONBLOCK
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Aug 29 20:41:42 Nas sshd[6319]: debug2: Network child is on pid 6320
Aug 29 20:41:42 Nas sshd[6319]: debug3: preauth child monitor started
Aug 29 20:41:42 Nas sshd[6319]: debug3: privsep user:group 107:65534 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: permanently_set_uid: 107/65534 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 20 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 20 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: local server KEXINIT proposal [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression ctos: none,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression stoc: none,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages ctos: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages stoc: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: first_kex_follows 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: reserved 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: peer client KEXINIT proposal [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: host key algorithms: ssh-rsa [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression ctos: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression stoc: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages ctos: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages stoc: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: first_kex_follows 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: reserved 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: algorithm: ecdh-sha2-nistp256 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 30 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_sshkey_sign entering [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_send entering: type 6 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive entering [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive entering
Aug 29 20:41:42 Nas sshd[6319]: debug3: monitor_read: checking request 6
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_answer_sign
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_answer_sign: KEX signature 0x152b3b8(399)
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_send entering: type 7
Aug 29 20:41:42 Nas sshd[6319]: debug2: monitor_read: 6 used once, disabling now
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 31 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 21 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: set_newkeys: mode 1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: rekey out after 4294967296 blocks [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 21 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: set_newkeys: mode 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: rekey in after 4294967296 blocks [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: KEX done [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 5 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 6 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: Connection closed by 192.168.178.44 port 52786 [preauth]