SFTP 客户端连接,但在 OpenSSH 版本停止

tag-icon tag-icon openssl ssh sftp
SFTP 客户端连接,但在 OpenSSH 版本停止

我遇到了一种奇怪的情况,但一直无法确定根本原因。我有一个需要通过 SFTP 连接到互联网的服务。通过 SFTP 连接时,我在调试模式下运行时看到的内容如下:

[user1@localhost-live ~]$ sftp -oIdentityFile=~/.ssh/privatekey -oPort=4321 -vvv [email protected]
OpenSSH_7.9p1, OpenSSL 1.1.1b FIPS  26 Feb 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 1.2.3.4 originally 1.2.3.4
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 1.2.3.4 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 1.2.3.4 originally 1.2.3.4
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug2: ssh_connect_direct
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 4321.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/privatekey type -1
debug1: identity file /home/user1/.ssh/privatekey-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9

如您所见,连接已建立,我的系统提供了私钥,但在输入“本地版本字符串 SSH-2.0-OpenSSH_7.9”后,客户端和服务器就停止通信了。服务器不会断开连接,或者继续运行。它只是卡住了。

我认为问题可能与 OpenSSH 或 OpenSSL 的版本有关。但似乎都不是。我在客户端运行的是 OpenSSH 7.9p1 和 OpenSSL 1.1.1b。另一端的服务器运行的是以下设置:

 # override default of no subsystems
 Subsystem sftp internal-sftp
 # sftp only on port 4321 (it's exposed to internet)
 Match LocalPort 4321
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTCPForwarding no
 ChrootDirectory /mnt/efs/sftp/%u

这是在 Red Hat 7.4 上运行的 OpenSSH_7.4p1、OpenSSL 1.0.2k-fips。

奇怪的是,我在上面这个例子中使用的客户端是 Fedora 30 版本,并且它非常接近前沿技术。

我在我的机器上本地运行 Manjaro Linux,当我尝试连接到同一系统时,结果不同。我在那里运行的版本是 OpenSSH_8.0p1 和 OpenSSL 1.1.1b。我可以毫无问题地连接。以下是输出;

 [user1@user1-m380 ~]$ sftp -oIdentityFile=~/.ssh/privatekey -oPort=4321 -vvv [email protected]
 OpenSSH_8.0p1, OpenSSL 1.1.1b  26 Feb 2019
 debug1: Reading configuration data /home/user1/.ssh/config
 debug1: /home/user1/.ssh/config line 1: Applying options for *
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug2: resolve_canonicalize: hostname 1.2.3.4 is address
 debug2: ssh_connect_direct
 debug1: Connecting to 1.2.3.4 [1.2.3.4] port 4321.
 debug1: Connection established.
 debug1: identity file /home/user1/.ssh/privatekey type -1
 debug1: identity file /home/user1/.ssh/privatekey-cert type -1
 debug1: Local version string SSH-2.0-OpenSSH_8.0
 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
 debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
 debug2: fd 3 setting O_NONBLOCK
 debug1: Authenticating to 1.2.3.4:4321 as 'user1'
 debug3: put_host_port: [1.2.3.4]:4321
 debug3: hostkeys_foreach: reading file "/home/user1/.ssh/known_hosts"
 debug3: record_hostkey: found key type ECDSA in file /home/user1/.ssh/known_hosts:1177
 debug3: load_hostkeys: loaded 1 keys from [1.2.3.4]:4321
 debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
 debug3: send packet: type 20
 debug1: SSH2_MSG_KEXINIT sent
 debug3: receive packet: type 20
 debug1: SSH2_MSG_KEXINIT received
 debug2: local client KEXINIT proposal
 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
 debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
 debug2: compression ctos: none,[email protected],zlib
 debug2: compression stoc: none,[email protected],zlib
 debug2: languages ctos: 
 debug2: languages stoc: 
 debug2: first_kex_follows 0 
 debug2: reserved 0 
 debug2: peer server KEXINIT proposal
 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
 debug2: compression ctos: none,[email protected]
 debug2: compression stoc: none,[email protected]
 debug2: languages ctos: 
 debug2: languages stoc: 
 debug2: first_kex_follows 0 
 debug2: reserved 0 
 debug1: kex: algorithm: curve25519-sha256
 debug1: kex: host key algorithm: ecdsa-sha2-nistp256
 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
 debug3: send packet: type 30
 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
 debug3: receive packet: type 31
 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:IUUTqOtpUjNSRAOgze0OiVsUoLhm8sgvhTcOtNgFTfe
 debug3: put_host_port: [1.2.3.4]:4321
 debug3: put_host_port: [1.2.3.4]:4321
 debug3: hostkeys_foreach: reading file "/home/user1/.ssh/known_hosts"
 debug3: record_hostkey: found key type ECDSA in file /home/user1/.ssh/known_hosts:1177
 debug3: load_hostkeys: loaded 1 keys from [1.2.3.4]:4321
 debug3: hostkeys_foreach: reading file "/home/user1/.ssh/known_hosts"
 debug3: record_hostkey: found key type ECDSA in file /home/user1/.ssh/known_hosts:1177
 debug3: load_hostkeys: loaded 1 keys from [1.2.3.4]:4321
 debug1: Host '[1.2.3.4]:4321' is known and matches the ECDSA host key.
 debug1: Found key in /home/user1/.ssh/known_hosts:1177
 debug3: send packet: type 21
 debug2: set_newkeys: mode 1
 debug1: rekey out after 134217728 blocks
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug3: receive packet: type 21
 debug1: SSH2_MSG_NEWKEYS received
 debug2: set_newkeys: mode 0
 debug1: rekey in after 134217728 blocks
 debug1: Will attempt key: /home/user1/.ssh/privatekey  explicit
 debug2: pubkey_prepare: done
 debug3: send packet: type 5
 debug3: receive packet: type 7
 debug1: SSH2_MSG_EXT_INFO received
 debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
 debug3: receive packet: type 6
 debug2: service_accept: ssh-userauth
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug3: send packet: type 50
 debug3: receive packet: type 51
 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
 debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
 debug3: preferred publickey,keyboard-interactive,password
 debug3: authmethod_lookup publickey
 debug3: remaining preferred: keyboard-interactive,password
 debug3: authmethod_is_enabled publickey
 debug1: Next authentication method: publickey
 debug1: Trying private key: /home/user1/.ssh/privatekey
 Enter passphrase for key '/home/user1/.ssh/privatekey': 
 debug3: sign_and_send_pubkey: RSA SHA256:y1HxyI+tlh1DfEuWDjLHLOSUGXo44YzNnrBSrxFh7vG
 debug3: sign_and_send_pubkey: signing using rsa-sha2-512
 debug3: send packet: type 50
 debug2: we sent a publickey packet, wait for reply
 debug3: receive packet: type 52
 debug1: Authentication succeeded (publickey).
 Authenticated to 1.2.3.4 ([1.2.3.4]:4321).
 debug2: fd 4 setting O_NONBLOCK
 debug3: fd 5 is O_NONBLOCK
 debug1: channel 0: new [client-session]
 debug3: ssh_session2_open: channel_new: 0
 debug2: channel 0: send open
 debug3: send packet: type 90
 debug1: Requesting [email protected]
 debug3: send packet: type 80
 debug1: Entering interactive session.
 debug1: pledge: network
 debug3: receive packet: type 80
 debug1: client_input_global_request: rtype [email protected] want_reply 0
 debug3: receive packet: type 91
 debug2: channel_input_open_confirmation: channel 0: callback start
 debug2: fd 3 setting TCP_NODELAY
 debug3: ssh_packet_set_tos: set IP_TOS 0x20
 debug2: client_session2_setup: id 0
 debug1: Sending subsystem: sftp
 debug2: channel 0: request subsystem confirm 1
 debug3: send packet: type 98
 debug2: channel_input_open_confirmation: channel 0: callback done
 debug2: channel 0: open confirm rwindow 0 rmax 32768
 debug2: channel 0: rcvd adjust 2097152
 debug3: receive packet: type 99
 debug2: channel_input_status_confirm: type 99 id 0
 debug2: subsystem request accepted on channel 0
 debug2: Remote version: 3
 debug2: Server supports extension "[email protected]" revision 1
 debug2: Server supports extension "[email protected]" revision 2
 debug2: Server supports extension "[email protected]" revision 2
 debug2: Server supports extension "[email protected]" revision 1
 debug2: Server supports extension "[email protected]" revision 1
 Connected to [email protected].
 debug3: Sent message fd 3 T:16 I:1
 debug3: SSH_FXP_REALPATH . -> / size 0
 sftp>

与之前的连接不同,我们能够获得目标系统上运行的 OpenSSH 版本,然后就可以开始比赛了。

根据提供的信息,有人能告诉我我可能做错了什么吗?我是否缺少客户端上的配置部分,导致我无法连接?问题可能出在目标系统上吗?

相关内容