Server resets/closes the connection after SSH2_MSG_KEXINIT is sent in SSH

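I rebooted my Fedora 25 server because it had not been rebooted for 3 days (I had only installed JRE and screen), and then found that SSH had stopped working. Sometimes the connection is reset, and sometimes the connection is closed.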

sh-3.2# ssh [email protected]
Connection reset by 192.168.1.127

I don't know how to view my logs, since I no longer have ssh access, but if I use ssh -vvv it outputs the following (I'm not sure whether the output on OS X El Capitan is as verbose as on Linux)

sh-3.2# ssh -vvv [email protected]
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.127 [192.168.1.127] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.127:22 as 'root'
debug3: hostkeys_foreach: reading file "/var/root/.ssh/known_hosts"
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 192.168.1.127
sh-3.2#

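I usually connect using a public key, but using a public key does not change the output above. Nginx still works perfectly along with Cockpit, and nothing has changed on the network side. If I try to SSH from my server to itself, nothing changes either. (I know it is unsafe to use root all the time, but I have already tried everything else)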

[root@localhost ~]# ssh -vvvv localhost                                         
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017                                 
debug1: Reading configuration data /etc/ssh/ssh_config                          
debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 2: include /etc/crypto-policies/back-ends/openssh.config matched no files
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *     
debug2: resolving "localhost" port 22                                           
debug2: ssh_connect_direct: needpriv 0                                          
debug1: Connecting to localhost [::1] port 22.                                  
debug1: Connection established.                                                 
debug1: permanently_set_uid: 0/0                                                
debug1: identity file /root/.ssh/id_rsa type 1                                  
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1                            
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_dsa type -1                                 
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_dsa-cert type -1                            
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_ecdsa type -1                               
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_ecdsa-cert type -1                          
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_ed25519 type -1                             
debug1: key_load_public: No such file or directory                              
debug1: identity file /root/.ssh/id_ed25519-cert type -1                        
debug1: Enabling compatibility mode for protocol 2.0                            
debug1: Local version string SSH-2.0-OpenSSH_7.4                                
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4        
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000                       
debug2: fd 3 setting O_NONBLOCK                                                 
debug1: Authenticating to localhost:22 as 'root'                                
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"                 
debug3: send packet: type 20                                                    
debug1: SSH2_MSG_KEXINIT sent                                                   
Connection reset by ::1 port 22                                                 
[root@localhost ~]# ^C                                         

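Also, no other device on my network can connect. I haven't tried PuTTY, but Cyberduck just tells me "Receive failed". I noticed that the connection always resets after "SSH2_MSG_KEXINIT" is sent, but I don't know what that is.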

Here is also my ssh config, all of which is commented out:

[root@localhost ~]# cat /etc/ssh/ssh_config                                     
#       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $                                                              

# Host *                                                                        
#   ForwardAgent no                                                             
#   ForwardX11 no                                                               
#   RhostsRSAAuthentication no                                                  
#   ConnectTimeout 0                                                            
#   StrictHostKeyChecking ask                                                   
#   IdentityFile ~/.ssh/identity                                                
#   IdentityFile ~/.ssh/id_rsa                                                  
#   IdentityFile ~/.ssh/id_dsa                                                  
#   IdentityFile ~/.ssh/id_ecdsa                                                
#   IdentityFile ~/.ssh/id_ed25519                                              
#   Port 22                                                                     
#   Protocol 2                                                                  
#   Cipher 3des                                                                 
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160                  
#   EscapeChar ~                                                                
#   Tunnel no                                                                   
#   TunnelDevice any:any                                                        
#   PermitLocalCommand no                                                       
#   VisualHostKey no                                                            
#   ProxyCommand ssh -q -W %h:%p gateway.example.com                            
#   RekeyLimit 1G 1h                                                            
#                                                                               
# To modify the system-wide ssh configuration, create a  *.conf  file under     
#  /etc/ssh/ssh_config.d/  which will be automatically included below           
Include /etc/ssh/ssh_config.d/*.conf   

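I tried dnf reinstall openssh-server, but nothing changed. I'm not sure of anything, but as I said, I'm not sure how to view OpenSSH's log files in Fedora 25 (no idea at all? Am I right that it has logs?). It would be great if this could be fixed, since it has kept me from working for 4 hours. Thanks.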

Answer 1

For visibility: the link in @Jakuje's comment solved this for me.

Reset the MTU size to 576:

ifconfig eth0 mtu 576

Doing this only on the host running the ssh server worked for me, but the link suggests doing it on both the server and the client.
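
A way to measure the path MTU to the server before lowering the interface MTU, as an added example that is not part of the original answer. It assumes IPv4, Linux iputils ping (where -M do sets Don't Fragment) and that ICMP echo is allowed on the path; the names probe and find_pmtu are chosen here for illustration.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that reaches HOST unfragmented.
# Assumption: Linux iputils ping; -M do sets the Don't Fragment bit.

OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe HOST PAYLOAD: exit 0 if a DF-flagged echo carrying PAYLOAD bytes is answered
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# find_pmtu HOST [LOW_MTU] [HIGH_MTU]: print the largest MTU that gets through,
# or return 1 if even LOW_MTU (default 576) gets no reply.
find_pmtu() {
    host=$1
    lo=$(( ${2:-576} - $OVERHEAD ))
    hi=$(( ${3:-1500} - $OVERHEAD ))
    probe "$host" "$lo" || return 1
    # Invariant: payload $lo is known to pass; nothing above $hi can pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + $OVERHEAD ))
}

# Run as: sh pmtu.sh 192.168.1.127
if [ -n "${1:-}" ]; then
    if mtu=$(find_pmtu "$1"); then
        echo "path MTU to $1: $mtu"
        if [ "$mtu" -lt 1500 ]; then
            echo "path MTU is below the 1500-byte Ethernet default"
        fi
    else
        echo "no reply at MTU 576 (host down or ICMP filtered)" >&2
        exit 1
    fi
fi
```

If the reported value is below the MTU configured on the interface, setting the interface MTU to that value is a less drastic change than 576.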

Answer 2

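Okay. So, restarting sshd via systemctl restart sshd did not work. However, it was suggested to me to use # /sbin/sshd to start OpenSSH. Surprisingly, it worked, and everything is working as it did before the reboot. I don't understand why. It might be a permissions issue. I'm not sure, but the "Connection reset by peer" error seems to be one of the hardest errors to debug.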