我想允许特定用户进行 SSH TCP 转发,因此我将此部分添加到 sshd_config 中:
Match User rainmannoodles
AllowTcpForwarding yes
TCPKeepAlive yes
更改后,连接时我收到以下消息:
ssh_exchange_identification: Connection closed by remote host
如果我注释掉“匹配用户”块,一切都会正常。该块是文件中的最后一个块。
我想不出这种行为的任何原因。这里究竟发生了什么?这是完整的-vvv
输出:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/rainmannoodles/.ssh/id_rsa type -1
debug1: identity file /Users/rainmannoodles/.ssh/id_rsa-cert type -1
debug1: identity file /Users/rainmannoodles/.ssh/id_dsa type -1
debug1: identity file /Users/rainmannoodles/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: Connection closed by remote host
答案1
检查服务器上的日志,看看出了什么问题。
我预计 sshd 会抱怨您的配置文件格式不正确。该选项TCPKeepAlive
不能在块中使用Match
,大概是因为 sshd 不支持在身份验证完成后更改该选项的值(该选项从连接开始时使用,在Match
条件可以测试之前)。