我的 ssh 客户端出现了非常奇怪的行为(错误?)。当我尝试将其与 A 记录一起使用时,出现ssh -vvvT github.com以下错误:
ssh -vvvT github.com
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_addr: could not resolve name github.com as address: Name or service not known
ssh: Could not resolve host "github.com"
这与我尝试使用指向相同 A 条目的 CNAME 时得到的答案不同(www.github.com IN CNAME github.com):
ssh -vT www.github.com
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Re-reading configuration after hostname canonicalisation
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to www.github.com [192.30.253.113] port 22.
debug1: Connection established.
[...]
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version libssh_0.7.0
debug1: no match: libssh_0.7.0
debug1: Authenticating to www.github.com:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
[...]
Permission denied (publickey).
我们看到这里它等待 DNS 规范化然后才能解析它。
几天来我一直在为此苦苦挣扎。我想我已经尝试了几乎所有我发现的方法,例如:
- 禁用 dnsmasq
- 刷新 DNS 缓存
- 更改解析器服务器
无论是在家还是在办公室(笔记本电脑),我都会遇到同样的问题。所以我猜问题确实出在我的机器上。
该问题不仅与 github 有关,我测试过的任何 A 记录都存在同样的问题......
并且我测试过的所有 DNS 客户端或调试软件都可以毫无问题地解析这些记录(dig、、nslookup等等)。
有人有主意吗?我想了解并解决这个问题,而不是重新安装机器,因为我开始考虑...
system: ubuntu 16.04
ssh version: ssh OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
编辑1:
如上所述,所有“标准”技术似乎都不起作用,因为所有技术似乎都运行良好:
getent hosts github.com
192.30.253.113 github.com
192.30.253.112 github.com
sudo service nscd stop
Failed to stop nscd.service: Unit nscd.service not loaded.
ssh -4 github.com
ssh: Could not resolve host "github.com"
编辑2:这是我的/etc/ssh/ssh_config文件:
~ grep -v '^#' /etc/ssh/ssh_config
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
CanonicalizeHostname yes
CanonicalizeFallbackLocal no
输出dig为github.com:
~ dig github.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15271
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 3 IN A 192.30.253.113
github.com. 3 IN A 192.30.253.112
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Aug 28 14:33:48 CEST 2017
;; MSG SIZE rcvd: 71
并且对于www.github.com:
~ dig www.github.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11119
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.github.com. IN A
;; ANSWER SECTION:
www.github.com. 3600 IN CNAME github.com.
github.com. 45 IN A 192.30.253.112
github.com. 45 IN A 192.30.253.113
;; Query time: 16 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Aug 28 14:34:14 CEST 2017
;; MSG SIZE rcvd: 89
编辑3:
我尝试设置CanonicalizeHostname=no而不是CanonicalizeHostname=yes并且它有效。
我不明白规范化的含义,因为根据 openssh 手册(据我理解)的说法,这仅用于CanonicalizePermittedCNAMEs规则。这意味着它不应该避免使用 A 条目,还是我错了?
答案1
检查 /etc/hosts 文件中是否有干扰查找的内容。hosts 文件在 DNS 解析之前进行处理。
尝试以下命令显示 ssh 尝试解析 github.com 时系统实际返回的内容:
getent hosts github.com
如果返回的不是预期的地址,并且您的主机文件看起来正常,您可以尝试禁用 DNS 缓存。
dnsmasq(如果已安装):
sudo service dnsmasq stop
nscd(如果已安装):
sudo service nscd stop
检查强制 IPv4 查找和连接是否会产生不同的结果也很有趣:
ssh -4 github.com