After upgrading Fedora to Fedora 14, ssh access no longer works.
This is the iptables configuration:
[root@r2d2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@r2d2 ~]# ^C
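The server's LAN IP address is 192.168.0.99. The external IF address of the FW is 85.30.155.156. The firewall has not changed since before the Fedora server was upgraded.
Access from the server itself works: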
[root@r2d2 ~]# ssh [email protected]
The authenticity of host '192.168.0.99 (192.168.0.99)' can't be established.
RSA key fingerprint is 11:45:9b:8a:78:76:14:b5:d2:54:f7:ad:d8:32:e9:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.99' (RSA) to the list of known hosts.
[email protected]'s password:
Last login: Thu Apr 14 23:20:45 2011 from vader.roinge
[perelis@r2d2 ~]$ exit
logout
Connection to 192.168.0.99 closed.
[root@r2d2 ~]# ssh [email protected]
ssh: connect to host 85.30.155.156 port 22: Connection timed out
[root@r2d2 ~]#
On the same network (no FW in between, only a switch) I have a Windows machine. I tried to reach the Linux server, running telnet and ping from my Windows computer:
C:\Users\PerE>telnet 192.168.0.99 22
Ansluter till 192.168.0.99...Det gick inte att ansluta till värddatorn, på porten 22: Anslutningen misslyckades.
C:\Users\PerE>ssh [email protected]
ssh: connect to host 192.168.0.99 port 22: Connection timed out
C:\Users\PerE>
C:\Users\PerE>ping 192.168.0.99
Skickar ping-signal till 192.168.0.99 med 32 byte data:
Svar från 192.168.0.99: byte=32 tid=1ms TTL=64
Svar från 192.168.0.99: byte=32 tid=1ms TTL=64
Svar från 192.168.0.99: byte=32 tid=1ms TTL=64
Svar från 192.168.0.99: byte=32 tid=1ms TTL=64
Ping-statistik för 192.168.0.99:
Paket: Skickade = 4, Mottagna = 4, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 1 ms, Högsta = 1 ms, Medel = 1 ms
C:\Users\PerE>
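The error message is in Swedish, but it says that it cannot connect to the host (192.168.0.99 is the Linux host).
What am I missing? This is so strange. Please help.
Answer 1
Try flushing iptables first. It has a few more rules in it than necessary, and although it looks like it should pass all traffic, it's best to take it out of the equation first.
Do you have UseDNS no in /etc/ssh/sshd_config?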
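Added example, not part of the original question or answer: a first-match evaluation of the INPUT chain listed in the question, showing where the ssh rule sits relative to the catch-all REJECT. It assumes the third rule carries an `-i lo` match that plain `iptables -L` does not print; the interface name `eth0` and the packet dictionaries are constructed.

```python
# Each rule: (target, matches). A packet matches when every listed field has
# one of the allowed values; an empty match dict matches every packet.
INPUT_CHAIN = [
    ("ACCEPT", {"state": {"RELATED", "ESTABLISHED"}}),
    ("ACCEPT", {"proto": {"icmp"}}),
    ("ACCEPT", {"iface": {"lo"}}),  # assumption: "-i lo", hidden without -v
    ("ACCEPT", {"proto": {"udp"}, "dst": {"224.0.0.251"},
                "state": {"NEW"}, "dport": {5353}}),       # mdns
    ("REJECT", {}),                                        # catch-all
    ("ACCEPT", {"proto": {"tcp"}, "dport": {22}}),         # ssh
]

# Constructed packets mirroring the three tests in the question.
LOCAL_SSH = {"proto": "tcp", "iface": "lo", "dst": "192.168.0.99",
             "dport": 22, "state": "NEW"}
LAN_SSH = dict(LOCAL_SSH, iface="eth0")   # eth0 is an assumed interface name
LAN_PING = {"proto": "icmp", "iface": "eth0", "dst": "192.168.0.99",
            "state": "NEW"}

def evaluate(chain, pkt, policy="ACCEPT"):
    """Return (verdict, rule number) of the first matching rule, as netfilter does."""
    for num, (target, match) in enumerate(chain, 1):
        if all(pkt.get(field) in allowed for field, allowed in match.items()):
            return target, num
    return policy, None   # no rule matched: the chain policy applies

def shadowed_rules(chain):
    """Numbers of rules placed after a match-all rule; they can never be reached."""
    for num, (_target, match) in enumerate(chain, 1):
        if not match:
            return list(range(num + 1, len(chain) + 1))
    return []

def move_before_catch_all(chain, rule_num):
    """Copy of the chain with rule rule_num placed just before the match-all rule."""
    rule = chain[rule_num - 1]
    rest = [r for i, r in enumerate(chain, 1) if i != rule_num]
    idx = next(i for i, (_t, match) in enumerate(rest) if not match)
    return rest[:idx] + [rule] + rest[idx:]

if __name__ == "__main__":
    for name, pkt in (("local ssh", LOCAL_SSH), ("LAN ssh", LAN_SSH),
                      ("LAN ping", LAN_PING)):
        print(name, evaluate(INPUT_CHAIN, pkt))
    print("shadowed rules:", shadowed_rules(INPUT_CHAIN))
    fixed = move_before_catch_all(INPUT_CHAIN, 6)
    print("LAN ssh after reordering:", evaluate(fixed, LAN_SSH))
```

On the real host, `iptables -L INPUT -n -v --line-numbers` shows the interface column and rule positions needed to confirm the assumption.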