更改 sources.list 后 SSH 连接关闭

更改 sources.list 后 SSH 连接关闭

在 Ubuntu 19.04 Digital Ocean 服务器上工作。更新sources.list到 focal 后,我可以更新存储库并安装 certbot,但我发现自己被锁定在服务器之外,并显示消息Connection refused
设法通过 Digital Ocean 恢复控制台进入,并检查所有 ssh 配置、authorized_keys文件、所有内容,但找不到错误。
我发现是针对服务器的 ssh 暴力攻击,所以我更改了端口。之后,当我尝试通过终端连接到服务器时,
我开始收到消息。 在这里,我留下了、、、使用ssh 连接的输出,以及在恢复控制台内制作的输出。Connection Closed
ssh_configsshd_configsources.listapt update
ssh_config

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#bunch of commented options
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

sshd_config

#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port <PORT>
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication no

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no 

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem   sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

sources.list,现在用 groovy 更改,但最初用 focal 更改

## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
##     or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy universe
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu groovy partner
# deb-src http://archive.canonical.com/ubuntu groovy partner

deb http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
deb http://old-releases.ubuntu.com/ubuntu groovy-security universe
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security universe
deb http://old-releases.ubuntu.com/ubuntu groovy-security multiverse
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security multiverse

在服务器上,通过 recory 控制台,sudo apt update

[...]
Err:5  groovy-updates Release
  404  Not Found [IP: 172.67.148.71 80]
Err:6  Release
  404  Not Found [IP: 172.67.148.71 80]
Hit:7  disco InRelease
Ign:8  disco InRelease
Err:9  disco Release
  404  Not Found [IP: 185.125.190.52 80]
[...]

在客户端上,ssh -vvvv -i <key> <user>@<ip>

OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/ivangk/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <IP> is address
debug2: ssh_connect_direct
debug1: Connecting to <IP> [<IP>] port <PORT>.
debug1: Connection established.
[...]
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
Connection closed by <IP> port <PORT>

我不知道是什么原因导致了这个问题。如果我这样做,lsof -i:<PORT>我会得到我配置的正确端口,并且 ssh 可以通过 处于活动状态systemctl status sshd

相关内容