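I have an Ubuntu box that is reachable via Avahi. Connecting to the box works fine for all services (I regularly use AFP, SSH and SMB on it), but I've noticed that whenever I connect to it over SSH from a Mac (using the ".local" DNS name provided by Avahi, e.g. ssh <servername>.local), SSH tries to connect using IPv6, which for some reason times out (after two minutes), and then it tries IPv4 and connects immediately.
I'd like to avoid this timeout, because it is really annoying for me and the other users. Either having SSH try IPv4 first or getting SSH over IPv6 to work would solve the problem. But so far I haven't been able to get either one working (the best I've managed is to pass the -4 option to SSH to stop it from trying IPv6 at all).
I'm using Ubuntu 10.04. Any solution has to be on the server (not on the client), because there are multiple clients connecting. One possible complication might be that my LAN is set up to only allow link-local IPv6 addresses, but I have other servers (running Mac OS) that I can connect to over SSH using IPv6.
I suspect the problem could be solved either by stopping Avahi from broadcasting an IPv6 address or by enabling SSH over IPv6, but as far as I can tell, Avahi is already configured not to broadcast IPv6 addresses, and sshd is configured to allow IPv6 connections!
Here is my /etc/avahi/avahi-daemon.conf (I don't think I've changed it from the Ubuntu default):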
[server]
#host-name=foo
#domain-name=local
#browse-domains=0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=no
#allow-interfaces=eth0
#deny-interfaces=eth1
#check-response-ttl=no
#use-iff-running=no
#enable-dbus=yes
#disallow-other-stacks=no
#allow-point-to-point=no
[wide-area]
enable-wide-area=yes
[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
#publish-addresses=yes
#publish-hinfo=yes
#publish-workstation=yes
#publish-domain=yes
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no
[reflector]
#enable-reflector=no
#reflect-ipv=no
[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=300
rlimit-stack=4194304
rlimit-nproc=3
Here is my sshd_config (mainly updated to only allow public/private keys):
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 180
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
AllowGroups sshusers
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Does anyone have any ideas I could try, or has anyone experienced something similar?
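One way to measure the behaviour described in the question, as an added example that is not part of the original post: it tries every address the resolver returns for a name, in resolver order, and reports how long each address family takes to connect or fail on the SSH port. The function names, the `localhost` default target and the 5-second timeout are assumptions made for this example.

```python
import socket
import sys
import time

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def probe(host, port=22, timeout=5.0):
    """Try every address the resolver returns for host, in resolver order.

    Returns a list of dicts with keys: family, address, ok, seconds, error.
    """
    results = []
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    for family, socktype, proto, _canon, sockaddr in infos:
        start = time.monotonic()
        error = None
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
        except OSError as exc:  # timeout, refused, unreachable, ...
            error = str(exc) or type(exc).__name__
        results.append({
            "family": FAMILY_NAMES.get(family, str(family)),
            "address": sockaddr[0],
            "ok": error is None,
            "seconds": time.monotonic() - start,
            "error": error,
        })
    return results

def wasted_before_success(results):
    """Seconds spent on failed attempts before the first successful connect.

    Returns None if no address accepted the connection.
    """
    wasted = 0.0
    for attempt in results:
        if attempt["ok"]:
            return wasted
        wasted += attempt["seconds"]
    return None

if __name__ == "__main__":
    # Assumed usage: python probe.py <servername>.local
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    attempts = probe(target)
    for a in attempts:
        print("%(family)s %(address)s ok=%(ok)s %(seconds).2fs %(error)s" % a)
    print("delay before first success:", wasted_before_success(attempts))
```

An IPv6 entry listed first with `ok=False` and a long `seconds` value, followed by an IPv4 entry that connects, matches the delay described above and shows which published address the clients are stalling on.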