在我的 Debian 服务器上,我有一个 eth0 接口 (192.168.10.x),我刚刚添加了 eth1 (176.31.36.x)。我想为 ssh、web 等设置公共访问。
allow-hotplug eth1
iface eth1 inet static
address 176.31.36.x
netmask 255.255.255.240
network 176.31.36.x
broadcast 171.31.36.x
dns-nameservers 8.8.8.8
gateway 176.31.36.x
dns-search mydomain.com
我添加了这些路线:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow HTTP"
iptables -I INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "Allow HTTPS"
iptables -I INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT -m comment --comment "Allow SSH"
之后服务器重新启动。 ping 机器正常,但 ssh 和 web 都没有响应。
例子:
ssh -v 176.31.36.x
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 176.31.36.x [176.31.36.x] port 22.
debug1: Connection established.
debug1: identity file /home/admin/.ssh/id_rsa type -1
debug1: identity file /home/admin/.ssh/id_rsa-cert type -1
debug1: identity file /home/admin/.ssh/id_dsa type -1
debug1: identity file /home/admin/.ssh/id_dsa-cert type -1
debug1: identity file /home/admin/.ssh/id_ecdsa type -1
debug1: identity file /home/admin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/admin/.ssh/id_ed25519 type -1
debug1: identity file /home/admin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 10:59:34:f5:bb:bb:6b:3f:7a:39:1b:26:24:45:18:cb
debug1: Host '176.31.36.x' is known and matches the ECDSA host key.
debug1: Found key in /home/admin/.ssh/known_hosts:57
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/admin/.ssh/id_rsa
debug1: Trying private key: /home/admin/.ssh/id_dsa
debug1: Trying private key: /home/admin/.ssh/id_ecdsa
debug1: Trying private key: /home/admin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
更新:netstat 的输出:
sudo netstat -lpn | grep ^tcp
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 508/beam
tcp 0 0 127.0.0.1:44400 0.0.0.0:* LISTEN 508/beam
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 10968/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 846/exim4
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 508/beam
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 443/memcached
tcp6 0 0 :::80 :::* LISTEN 906/apache2
tcp6 0 0 ::1:25 :::* LISTEN 846/exim4
tcp6 0 0 :::443 :::* LISTEN 906/apache2
答案1
在我们交换意见之后,我很清楚这是一个路由问题。其他一些主机正在响应 176.31.36.x,并且 ssh 建立到该主机的连接。
检查(最好是从两个或更多网络上的客户端)您的连接确实路由到正确的 LAN:sudo traceroute 176.31.36.x
,带有变体sudo traceroute -I 176.31.36.x
,sudo traceroute -T 176.31.36.x
在这里可能很有用。
并检查 (176.31.36.x) LAN 上没有任何其他设备获取该地址。
如果一切看起来仍然正确,请检查 (176.31.36.x) LAN 路由器的设置;例如,它可能配置了端口转发,以在其他地方进行 ssh 连接。
现在我很确定它就是其中之一。或者是我想象力的失败,但这似乎越来越不可能。 ;-)