这是来自 Ubuntu 16.04 客户端的输出:
OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /home/manuth/.ssh/config
debug1: /home/manuth/.ssh/config line 1: Applying options for r2d2.manuth.life
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to r2d2.manuth.life [103.12.163.90] port 900.
debug1: Connection established.
debug1: identity file /home/manuth/.ssh/dqar-rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/dqar-rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4
ssh_exchange_identification: Connection closed by remote host
的路径和权限/home/manuth/.ssh/dqar-rsa也正确:
$ ls -l /home/manuth/.ssh/dqar-rsa*
-rw------- 1 manuth manuth 3243 Nov 7 11:27 /home/manuth/.ssh/dqar-rsa
-rw-r--r-- 1 manuth manuth 740 Nov 7 11:27 /home/manuth/.ssh/dqar-rsa.pub
该主机的条目~/.ssh/config为:
host r2d2.manuth.life
IdentityFile ~/.ssh/dqar-rsa
Port 900
IdentitiesOnly yes
ForwardX11 yes
如果我尝试注释该IdentityFile行,它甚至不会读取其中的任何id_*内容~/.ssh:
OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /home/manuth/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to r2d2.manuth.life [103.12.163.90] port 900.
debug1: Connection established.
debug1: identity file /home/manuth/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/manuth/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/manuth/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4
ssh_exchange_identification: Connection closed by remote host
这件事似乎是今天突然发生的。
编辑:内容内~/.ssh:
$ ls -la
insgesamt 36
drwx------ 2 manuth manuth 4096 Nov 7 16:28 .
drwxr-xr-x 53 manuth manuth 4096 Nov 7 13:31 ..
-rw-r--r-- 1 manuth manuth 805 Nov 7 12:10 authorized_keys
-rw-r--r-- 1 manuth manuth 543 Nov 7 13:47 config
-rw------- 1 manuth manuth 411 Nov 7 12:10 dqar-ed25519
-rw-r--r-- 1 manuth manuth 96 Nov 7 12:10 dqar-ed25519.pub
-rw------- 1 manuth manuth 3243 Nov 7 12:10 dqar-rsa
-rw-r--r-- 1 manuth manuth 740 Nov 7 12:10 dqar-rsa.pub
-rw-r--r-- 1 manuth manuth 1990 Nov 7 15:14 known_hosts
编辑2:啊哈,控制台输出是这样的几行:
Nov 7 13:51:32 dqar sshd [11316]: fatal: Missing privilege separation directory: /var/empty
有问题的服务器是 FreeBSD 10.3。
答案1
debug1: identity file /home/manuth/.ssh/dqar-rsa type 1
表示已成功读取文件。但失败原因在其他地方。
ssh_exchange_identification: Connection closed by remote host
这才是真正的问题。由于某种原因,您无法与远程主机建立 SSH 连接。您可能被列入黑名单,/etc/hosts.deny或者服务器由于其他原因(缺少目录、磁盘故障、磁盘已满等)无法接受连接并启动 SSH 协议。服务器的日志会告诉您更多信息。
Nov 7 13:51:32 dqar sshd [11316]: fatal: Missing privilege separation directory: /var/empty
解释得很清楚。如果由于某些原因删除了此目录,则需要创建此目录并设置适当的权限(除 root 外,任何其他用户都无法写入)。
答案2
所以原因是,不知何故,没有/var/empty。我从这个论坛帖子中创建了它(我知道它是为 Juniper 准备的,但它也适用于这个 FreeBSD):
http://forums.juniper.net/t5/Ethernet-Switching/Missing-privilege-separation-directory-var-empty/td-p/173832