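This has me baffled. I have a home server (Debian Bookworm) and several Raspberry Pi machines, all also running Raspbian Bookworm. For illustration purposes only:
ServerA (Debian Bookworm), PI1, PI2, PI3
All machines are on the same subnet, connected through the same wifi access point, the firewall configuration is identical, and the users have the same UID and GID on all machines.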
Now I have an NFS export on ServerA
/mnt/NAS 192.168.1.0/255.255.255.0(no_root_squash,async,insecure,no_subtree_check,nohide,rw,fsid=0,crossmnt)
Now, Pi1 and Pi2 can access this NFS share with no problem, everything works fine, but Pi3 seems to mount the share.... it says it is mounted,
192.168.1.2:/mnt/NAS on /mnt/NAS type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.1.2,mountvers=3,mountport=56271,mountproto=tcp,local_lock=none,addr=192.168.1.2)
and the logs on the server side show the mount as successful
Dec 30 16:26:39 thindebian daemon.notice rpc.mountd[2099]: authenticated mount request from 192.168.1.104:1006 for /mnt/NAS (/mnt/NAS)
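but if I try to view the directory with ls, it just sits there, no error, no access denied...... it seems to just hang until I hit CTRL-C
Now, what I think is somewhat related......
Same setup.... I cannot ssh from PI3 to SERVERA, nor from SERVERA to PI3, but... I can ssh from PI3 to PI1 and PI2, I can ssh from PI1 or PI2 to PI3, I can ssh from my laptop to PI3, and I can ssh from PI1 and PI2 to SERVERA.
So basically, I have confirmed:
SERVERA is accepting incoming ssh connections from every device except PI3
PI3 is able to receive incoming ssh connections from every device except SERVERA
PI3 is able to make outbound ssh connections to every device except SERVERA
When I try to ssh from Pi3 to serverA, the logs show the connection, but nothing happens on the Pi3 side, and then the connection shows as closed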
$ ssh [email protected]
Connection closed by 192.168.1.2 port 22
and the SERVERA logs show only
Dec 30 18:02:49 thindebian auth.info sshd[81994]: Connection from 192.168.1.104 port 41742 on 192.168.1.2 port 22 rdomain ""
Dec 30 18:03:54 thindebian auth.crit sshd[81843]: fatal: Timeout before authentication for 192.168.1.104 port 52798
If I try to connect from Pi1, everything works fine
Dec 30 18:07:32 thindebian auth.info sshd[82815]: Connection from 192.168.1.3 port 41426 on 192.168.1.2 port 22 rdomain ""
Dec 30 18:07:57 thindebian auth.info sshd[82815]: Accepted password for root from 192.168.1.3 port 41426 ssh2
Dec 30 18:07:57 thindebian authpriv.debug sshd[82815]: pam_env(sshd:session): deprecated reading of user environment enabled
Dec 30 18:07:57 thindebian authpriv.info sshd[82815]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Dec 30 18:07:57 thindebian authpriv.info (systemd): pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Dec 30 18:07:58 thindebian auth.info sshd[82815]: Starting session: shell on pts/2 for root from 192.168.1.3 port 41426 id 0
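I apologize if this is all very confusing...... I know I am certainly confused right now...... I just can't figure out why there seems to be a connection barrier between these two machines.
Update: so it hadn't even occurred to me to add -v to ssh to get debug information... when I did, this is what happens when I try to connect from the server to Pi3.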
debug1: Connecting to 192.168.1.104 [192.168.1.104] port 22.
debug1: Connection established.
debug1: identity file /home/john/.ssh/id_rsa type 0
debug1: identity file /home/john/.ssh/id_rsa-cert type -1
debug1: identity file /home/john/.ssh/id_ecdsa type -1
debug1: identity file /home/john/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/john/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/john/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/john/.ssh/id_ed25519 type -1
debug1: identity file /home/john/.ssh/id_ed25519-cert type -1
debug1: identity file /home/john/.ssh/id_ed25519_sk type -1
debug1: identity file /home/john/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/john/.ssh/id_xmss type -1
debug1: identity file /home/john/.ssh/id_xmss-cert type -1
debug1: identity file /home/john/.ssh/id_dsa type -1
debug1: identity file /home/john/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 -2+deb12u1
debug1: compat_banner: match: OpenSSH_9.2p1 -2+deb12u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.104:22 as 'john'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
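That is where it hangs.... basically the same thing happens when I try to ssh from Pi3 to the server... in either direction, it hangs waiting for SSH2_MSG_KEX_ECDH_REPLY
I did see another post here showing a similar problem and tried that solution (adjusting the MTU; all machines are at MTU 1500) as well as specifying the MAC with the following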
ssh -o MACs=hmac-sha2-256 <HOST>
Neither solution worked.
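
Added example, not part of the original post: the post reports the interface MTU setting (1500) on every machine, and a separate check is to measure what packet size actually crosses the path between Pi3 and the server. The sketch below binary-searches the largest ICMP payload that gets a reply with the Don't Fragment bit set, assuming Linux iputils `ping`; the function names are hypothetical and the addresses are the ones from the post.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path unfragmented.
# Function names are hypothetical; assumes Linux iputils ping (-M do sets DF).

# Real probe: one echo request with Don't Fragment set, 1 second timeout.
probe_ping() {  # $1 = host, $2 = payload bytes
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search in [0, upper bound] for the largest payload the probe accepts.
# Prints the payload size, or -1 (and returns 1) if even an empty payload fails.
largest_payload() {  # $1 = host, $2 = probe function, $3 = upper bound
    host=$1; probe=${2:-probe_ping}; hi=${3:-1472}; lo=0
    "$probe" "$host" "$lo" || { echo -1; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Payload + 8 bytes ICMP header + 20 bytes IPv4 header = largest IP packet passed.
path_mtu() {  # same arguments as largest_payload
    p=$(largest_payload "$@") || { echo -1; return 1; }
    echo $(( p + 28 ))
}

# Usage, run on Pi3 (192.168.1.104) toward the server, then the reverse on the server:
#   path_mtu 192.168.1.2
#   path_mtu 192.168.1.104
```

A result of 1500 in both directions means full-size packets pass between the two hosts; a smaller number, or a different number per direction, means large packets are being dropped somewhere on that path even though every interface is configured for 1500.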