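I am trying to log in to a remote machine using SSH or SFTP.
- When I try the CLI, it does not respond. I get an empty new line where I can type characters, but that's all.
ssh [email protected]
- When I try to connect over SFTP with the same credentials (I use Transmit as my SFTP client), it hangs forever and never connects.
No error. No response.
The problem is not specific to the frbit.com server; it occurs on any other server I try to connect to.
ssh client debugging
Running the ssh client with the -vv flag, I get the following output: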
debug1: Reading configuration data /Users/matanya/.ssh/config
debug1: Reading configuration data /usr/local/Cellar/openssh/6.1p1/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to ssh1.eu1.frbit.com [46.137.57.195] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/matanya/.ssh/id_rsa type 1
debug1: identity file /Users/matanya/.ssh/id_rsa-cert type -1
debug1: identity file /Users/matanya/.ssh/id_dsa type 2
debug1: identity file /Users/matanya/.ssh/id_dsa-cert type -1
debug1: identity file /Users/matanya/.ssh/id_ecdsa type -1
debug1: identity file /Users/matanya/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1
debug1: match: OpenSSH_5.5p1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 140/256
debug2: bits set: 543/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 31:4c:71:e0:56:14:04:0d:c7:b2:6c:fc:8a:42:33:2e
debug1: Host 'ssh1.eu1.frbit.com' is known and matches the RSA host key.
debug1: Found key in /Users/matanya/.ssh/known_hosts:2
debug2: bits set: 513/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
ssh-agent debugging
Update: In system.log on my local machine (the ssh client machine), I found the following:
Mar 6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[574]): Exited with code: 1
Mar 6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds
Mar 6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[575]): Exited with code: 1
Mar 6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds
What does Code 1 stand for?
Update: I found the launchd file in question, located at System/Library/LaunchAgents/org.openbsd.ssh-agent.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.openbsd.ssh-agent</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh-agent</string>
<string>-l</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SecureSocketWithKey</key>
<string>SSH_AUTH_SOCK</string>
</dict>
</dict>
<key>EnableTransactions</key>
<true/>
</dict>
</plist>
When I run /usr/bin/ssh-agent I get:
SSH_AUTH_SOCK=/var/folders/pg/1g6_hnwx47bgqv5vcm1lq18h0000gn/T//ssh-01WuaHF32SlV/agent.2145; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2146; export SSH_AGENT_PID;
echo Agent pid 2146;
As for the -l flag (<string>-l</string>), there is no such flag in my version of ssh-agent. Output:
ssh-agent: illegal option -- l
Output of ps aux | grep ssh:
matanya 1121 0.0 0.0 2441136 3280 ?? S 1:53PM 0:00.01 ssh -oNumberOfPasswordPrompts 1 -2 -lu-indgo -s ssh1.eu1.frbit.com sftp
matanya 1116 0.0 0.0 2441136 3280 ?? S 1:52PM 0:00.01 ssh -oNumberOfPasswordPrompts 1 -2 -lu-indgo -s ssh1.eu1.frbit.com sftp
matanya 1101 0.0 0.0 2441136 3280 ?? S 1:51PM 0:00.01 ssh -oNumberOfPasswordPrompts 1 -2 -lu-indgo -s ssh1.eu1.frbit.com sftp
matanya 1095 0.0 0.0 2441136 3280 ?? S 1:50PM 0:00.01 ssh -oNumberOfPasswordPrompts 1 -2 -lu-indgo -s ssh1.eu1.frbit.com sftp
matanya 1084 0.0 0.0 2441136 3280 ?? S 1:50PM 0:00.01 ssh -oNumberOfPasswordPrompts 1 -2 -lu-indgo -s ssh1.eu1.frbit.com sftp
matanya 1593 0.0 0.0 2439184 2092 s000 S+ 2:36PM 0:00.00 grep ssh
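SSH version: OpenSSH_5.8p2, OpenSSL 0.9.8r 8 Feb 2011
Update: I found that it does not matter which user I initially log in as at system startup, whether my own user or root: ssh does not work until I explicitly switch user in the terminal (su - or su matanya).
Update:
I checked the code signature. Running codesign -vv /usr/bin/ssh-agent:
Received: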
/usr/bin/ssh-agent: code object is not signed at all
In architecture: x86_64
Should be:
/usr/bin/ssh-agent: valid on disk
/usr/bin/ssh-agent: satisfies its Designated Requirement
Update:
When I run:
eval `ssh-agent`
ssh-add
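I can log in using ssh.
Answer 1
Why the connection fails silently
The errors in your system.log indicate that there is a problem running ssh-agent locally on your iMac. For some reason it fails to run, even though launchd tries to restart it.
When you try to connect with any ssh client (CLI or Transmit), they try to use ssh-agent, but since it is not running, they cannot connect. So they just wait, with no output or input.
I'm not sure what is preventing your ssh-agent from running. However, to run the ssh client on the CLI and have it connect to your server, you can try the following: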
unset SSH_AUTH_SOCK
ssh [email protected]
# (you'll then be asked for your pass phrase if you use one)
You can even try launching Transmit from the same terminal window:
open /Applications/Transmit.app
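About ssh-agent debugging
If ssh-agent -l tells you that the -l option is illegal, it means that the ssh-agent your system is trying to run is not the original Apple one (-l is an undocumented Apple feature). The replacement ssh-agent makes launchd unhappy. This blog post may offer some explanation.
If you have third-party ssh tools (from brew, macports or elsewhere), I suggest you move them out of the way or upgrade them (provided they have launchd capability, i.e. the -l option exists). A working ssh-agent invocation should answer something like: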
antoine@amarante:~$ /usr/bin/ssh-agent -l
launch_msg: Operation not permitted
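It is also worth checking whether ssh-agent is started from somewhere else (such as .bashrc or other session startup scripts). Running several (possibly different) ssh-agents at the same time can cause problems.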
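The silent hang described in this answer can be detected before ssh is run. The following is an added example, not part of the original answer: a Python probe that sends the agent protocol's request-identities message to the socket named by SSH_AUTH_SOCK and waits for the reply with a timeout. The function name probe_agent and the state labels are assumptions made for this illustration.

```python
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11   # agent protocol: list loaded keys
SSH_AGENT_IDENTITIES_ANSWER = 12     # expected reply type


def _recv_exact(sock, n):
    """Read exactly n bytes or raise ConnectionError on early EOF."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def probe_agent(sock_path, timeout=3.0):
    """Classify the agent behind sock_path as (state, detail).

    States (hypothetical labels): unset, unreachable, hung, error, ok.
    """
    if not sock_path:
        return ("unset", "SSH_AUTH_SOCK is empty; ssh will skip the agent")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sock_path)
        # Frame = uint32 length + 1-byte message type.
        s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        (length,) = struct.unpack(">I", _recv_exact(s, 4))
        body = _recv_exact(s, length)
    except socket.timeout:
        # Socket accepts but nothing answers: the silent hang from the question.
        return ("hung", "no reply within %.1fs" % timeout)
    except (OSError, ConnectionError) as exc:
        return ("unreachable", str(exc))
    finally:
        s.close()
    if len(body) >= 5 and body[0] == SSH_AGENT_IDENTITIES_ANSWER:
        return ("ok", "%d key(s) loaded" % struct.unpack(">I", body[1:5])[0])
    return ("error", "unexpected reply type %d" % (body[0] if body else -1))


if __name__ == "__main__":
    print(probe_agent(os.environ.get("SSH_AUTH_SOCK")))
```

A "hung" result means something is listening on the socket but no agent answers, which is the state in which unsetting SSH_AUTH_SOCK lets ssh proceed without the agent.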
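Answer 2
Can you check the SSH connection with another program? Cyberduck?
I also found a solution: you need to check the launch agents in the following locations: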
/Macintosh HD/Library/LaunchAgents/
/Macintosh HD/Library/LaunchDaemons/
/username/Library/LaunchAgents/
/username/Library/LaunchDaemons/
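Then check for missing executables or files that do not have the executable flag set.
My local OpenSSH version is OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
So you could also try OpenSSH from MacPorts or brew. If I need something that OS X does not have by default, I personally prefer macports over brew.
Update:
- Try running the same as above, but with agent forwarding disabled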
ssh -a [email protected]
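- Check that your keys in Keychain Access are correct
- Check that your ~/.ssh directory has the correct permissions (0600)
- Check that your keys are correct.
- Try running "source `ssh-agent`" before executing the ssh command
Update 2:
On my system (OS X 10.8), org.openbsd.ssh-agent.plist looks like this: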
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.openbsd.ssh-agent</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh-agent</string>
<string>-l</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SecureSocketWithKey</key>
<string>SSH_AUTH_SOCK</string>
</dict>
</dict>
<key>EnableTransactions</key>
<true/>
</dict>
</plist>
I also see this:
$ /usr/bin/ssh-agent -l
launch_msg: Operation not permitted
$ shasum -a 256 /usr/bin/ssh-agent
e21e2f23819b60f6288edda97427d98413c1bb737d49d313e2857f058627aab6 /usr/bin/ssh-agent