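I am trying to access an Azure machine I recently deployed over SSH. When I try, I get the error: ssh_exchange_identification: read: Operation timed out. I have not been able to access this server this way before, but I am able to connect to it using the serial console, so I can change the configuration on this machine.
I checked ssh_config and sshd_config and compared them with a working machine; they all appear to be correct. hosts.allow and hosts.deny are empty, but when I added sshd: All to hosts.allow, it did not work.
The Azure firewall allows port 22, and firewalld and SELinux have been disabled. iptables does not seem to be relevant on CentOS 7, but it has been disabled anyway.
Performing an Azure redeploy, resetting the password, resetting the SSH public key, or resetting the configuration did not help, and neither did creating a new Azure VDI.
Using "tail -f /var/log/secure" or "tail -f /var/log/messages" produced no results.
Result of ssh [email protected] -v: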
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 10.61.123.17 [10.61.123.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lstoep001/.ssh/id_rsa type 0
debug1: identity file /Users/lstoep001/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519 type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
After using the command /usr/sbin/sshd -ddd -D -e:
[lstoep]@nl-zwescijelv001 ~]$ sudo /usr/sbin/sshd -ddd -D -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 737
debug2: parse_server_config: config /etc/ssh/sshd_config len 737
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:103 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:114 setting ClientAliveInterval 180
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:131 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-e'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
===========After trying to connect===============
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 737
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 737
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:33 setting SyslogFacility AUTHPRIV
debug3: rexec:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:66 setting PasswordAuthentication yes
debug3: rexec:70 setting ChallengeResponseAuthentication no
debug3: rexec:80 setting GSSAPIAuthentication yes
debug3: rexec:81 setting GSSAPICleanupCredentials no
debug3: rexec:97 setting UsePAM yes
debug3: rexec:103 setting X11Forwarding yes
debug3: rexec:114 setting ClientAliveInterval 180
debug3: rexec:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:131 setting AcceptEnv XMODIFIERS
debug3: rexec:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: inetd sockets after dupping: 3, 3
Connection from 10.35.4.54 port 63036 on 10.61.123.17 port 22
Contents of /var/log/secure:
Feb 26 06:41:50 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl stop sshd
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:41:50 nl-zwescijelv001 sshd[869]: Received signal 15; terminating.
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:42:18 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:44:59 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:45:17 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:47:39 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:49:35 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:50:22 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl start sshd
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on 0.0.0.0 port 22.
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on :: port 22.
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:51:08 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -f /var/log/secure
Feb 26 06:51:37 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -n 100 /var/log/secure
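Answer 1
Well, it seems you can't trust anyone. I spoke with the firewall people, who said the server was dropping our requests and insisted that this was a problem on the machine, so I kept working on it for a week. After a lot of insisting, I got them to open the SSH port, and the whole thing worked perfectly.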
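An added example, not part of the original question or answer: a small probe that reports how far a connection to an SSH port gets, separating "TCP connect failed" from "connected but no identification string arrived", which is the stage where the client log above stops. The function name `probe_ssh_banner` and the stage labels are made up for this sketch.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (stage, detail) for one connection attempt.

    stage: 'connect_failed' - TCP handshake refused, unreachable or timed out
           'no_banner'      - TCP connected, nothing received before timeout
                              (what ssh reports as ssh_exchange_identification
                              ... timed out)
           'closed'         - peer closed or reset before sending anything
           'not_ssh'        - first line received is not an SSH version string
           'banner'         - SSH identification string received
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("connect_failed", str(exc))
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # The identification string is a single line of at most 255 bytes.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            if not data:
                return ("no_banner", "connected, no data within %.1fs" % timeout)
        except OSError as exc:
            return ("closed", str(exc))
    if not data:
        return ("closed", "peer closed the connection without sending data")
    # Only the first line is inspected; OpenSSH sends its version string first.
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner", line) if line.startswith("SSH-") else ("not_ssh", line)


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh_banner(target, target_port))
```

Running it from the client network and again from a host inside the server's subnet shows whether the result changes with the network path rather than with the sshd configuration.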