我对 Solaris 还很陌生,并且安装了具有所有默认选项的 Solaris 11 Express,但是在建立 ssh 连接时遇到了很多麻烦。
我能够从 localhost 和位于同一子网中的客户端通过 ssh 连接到 Solaris 服务器,但当我尝试从位于不同子网中的客户端连接时(无论我使用哪个 ssh 客户端),都无法连接。我尝试过 Debian GNU/Linux 6.0.1 附带的 ssh 客户端,也尝试过 Secure Shell Client 3.2.9 等,但都没有成功。我甚至尝试在虚拟机中安装另一个 Solaris 11 Express,使用不同子网中的公共地址进行 NAT,但仍然遇到同样的问题。
这是我使用 -vvv 选项运行 ssh 客户端时收到的输出:
andres@solaris1:~$ ssh root@<ip-address> -p <port> -vvv
Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x009080ff
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to <ip-address> [<ip-address>] port <port>.
debug1: Connection established.
debug1: identity file /home/andres/.ssh/identity type -1
debug1: identity file /home/andres/.ssh/id_rsa type -1
debug1: identity file /home/andres/.ssh/id_dsa type -1
debug1: Logging to host: <ip-address>
debug1: Local user: andres Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.5
debug1: match: Sun_SSH_1.5 pat Sun_SSH_1.5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.5
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x8079eb0(0x0)
当使用 -ddd 选项运行时,服务器中的 sshd 将打印以下内容: (仅最后一部分)
debug1: We proposed langtags, stoc: af-ZA,ar-EG,as-IN,az-AZ,be-BY,bg-BG,bn-IN,bs-BA,ca-ES,cs-CZ,da-DK,de-DE,el-GR,en-US,es-ES,et-EE,fi-FI,fr-FR,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,hy-AM,id-ID,is-IS,it-IT,ja-JP,ka-GE,kk-KZ,kn-IN,ko-KR,ks-IN,ku-TR,ky-KG,lt-LT,lv-LV,mk-MK,ml-IN,mr-IN,ms-MY,mt-MT,nb-NO,nl-NL,nn-NO,or-IN,pa-IN,pl-PL,pt-BR,pt-PT,ro-RO,ru-RU,sa-IN,sk-SK,sl-SI,sq-AL,sr-RS,sv-SE,th-TH,tr-TR,uk-UA,vi-VN,zh-CN,i-default,zh-TW
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
Write failed: Broken pipe
debug1: Calling cleanup 0x808bc80(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x808bc80(0x0)
monitor debug1: Calling cleanup 0x808bc80(0x0)
文件 /etc/ssh/sshd_config 具有默认内容,并且我在某处看到添加该行...
GSSAPIAuthentication no
...可以提供帮助,但事实并非如此。
我担心这也不是防火墙的问题,因为我在相同的网络配置中还有一些其他的 Linux 系统,而且我能够访问它们......事实上,通过其中一个系统,我可以通过双重 ssh 来访问 Solaris 系统。
更新 /etc/ssh/sshd_config 已启用 root 登录
答案1
如果问题仅出现在不同的子网上,则不太可能是 SSH 问题。可能是默认路由设置。您使用的是 DHCP 还是静态 IP?您可以使用“netstat -nr”检查默认路由。
答案2
嗯,这似乎是 ISP 的错。我曾访问过第三个子网,它运行正常……我猜想 SunOS ssh 在流量流出子网或来自其他子网时被阻止了,我甚至尝试使用与某些 sshd 正常运行的 Linux 计算机相同的 IP 地址和端口组合,但没有任何变化。让我怀疑的是,连接的两端都报告对方已停止链接。