在谷歌上询问了几个小时(以及很多 serverfault 页面)之后,我没有找到答案。
大约 100 次 ssh 登录后,服务器回答:“ssh_exchange_identification:远程关闭连接”。
ssh -vvv 日志:
ssh -vvv [email protected]
OpenSSH_5.3p1 Debian-3ubuntu7.1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.3.18 [192.168.3.18] port 22.
debug1: Connection established.
debug1: identity file /home/bla/.ssh/identity type -1
debug1: identity file /home/bla/.ssh/id_rsa type -1
debug1: identity file /home/bla/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
如果一个终端已经打开,则状态为:
root@snr2:~ systemctl status sshd.socket
sshd.socket
Loaded: loaded (/lib/systemd/system/sshd.socket; disabled)
Active: failed since Fri, 06 Mar 2015 07:40:16 +0000; 3s ago
Accepted: 2092; Connected: 2
CGroup: name=systemd:/system/sshd.socket
重启后
root@snr2:~ systemctl restart sshd.socket
root@snr2:~ systemctl status sshd.socket
sshd.socket
Loaded: loaded (/lib/systemd/system/sshd.socket; disabled)
Active: active (listening) since Fri, 06 Mar 2015 07:42:04 +0000; 1s ago
Accepted: 2092; Connected: 2
CGroup: name=systemd:/system/sshd.socket
现在无法再次登录,我需要重新启动整个机器,而不仅仅是 sshd 服务。
我已尝试过:
echo "sshd:ALL" >> /etc/hosts.allow
/etc/ssh 目录如下所示:
drwxr-xr-x 2 root root 480 Jan 8 1970 backup
-rw-r--r-- 1 root root 125811 Jan 1 1970 moduli
-rw-r--r-- 1 root root 1355 Feb 26 05:52 ssh_config
-rw------- 1 root root 668 Jan 8 1970 ssh_host_dsa_key
-rw-r--r-- 1 root root 608 Jan 8 1970 ssh_host_dsa_key.pub
-rw------- 1 root root 1679 Jan 8 1970 ssh_host_rsa_key
-rw-r--r-- 1 root root 400 Jan 8 1970 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2870 Mar 5 12:46 sshd_config
-rw-r--r-- 1 root root 2870 Mar 5 12:46 /etc/ssh/sshd_config
我试过删除 ssh_host_{rsa,dsa}_* 文件,但之后无法再次登录。
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
MaxStartups 100
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
希望有人能帮助我:)
问候