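I created a new AWS EC2 instance from an AMI image, configured it to my liking, and saved an image (call this svr01). I then created another EC2 instance from the same image (call this svr02). Both instances have Elastic IPs, I have entries in an external hosted zone, and DNS lookups and ICMP traffic work fine. I also created DNS records for the servers in an internal private zone using the private IPs, and DNS/ICMP work fine inside the private zone.
This is where it gets weird. I rebooted svr01 and svr02, and both came up, but now I can only ssh to svr01 from outside... svr02 just hangs. Here is the ssh connection attempt, with very, very verbose output: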
me$ ssh -vvv svr02.mydomain.tld
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to svr02.mydomain.tld [123.123.123.123] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/me/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: identity file /Users/me/.ssh/id_dsa type -1
debug1: identity file /Users/me/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "svr02.mydomain.tld" from file "/Users/me/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/me/.ssh/known_hosts:21
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
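Now I can log in to svr01 just fine, and from svr01 I can log in to svr02 (using the same account I was trying to use when logging in from outside). So from there, I looked at the logs while trying to ssh in from outside, and found: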
Feb 23 21:40:49 svr02 sshd[2608]: debug1: Forked child 2647.
Feb 23 21:40:49 svr02 sshd[2647]: Set /proc/self/oom_score_adj to 0
Feb 23 21:40:49 svr02 sshd[2647]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 23 21:40:49 svr02 sshd[2647]: debug1: inetd sockets after dupping: 3, 3
Feb 23 21:40:49 svr02 sshd[2647]: Connection from 75.172.150.140 port 57827 on 172.31.29.9 port 22
Feb 23 21:40:49 svr02 sshd[2647]: debug1: Client protocol version 2.0; client software version OpenSSH_6.2
Feb 23 21:40:49 svr02 sshd[2647]: debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
Feb 23 21:40:49 svr02 sshd[2647]: debug1: Enabling compatibility mode for protocol 2.0
Feb 23 21:40:49 svr02 sshd[2647]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1
Feb 23 21:40:49 svr02 sshd[2647]: debug1: SELinux support disabled [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: permanently_set_uid: 74/74 [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: kex: client->server aes128-ctr [email protected] none [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: kex: server->client aes128-ctr [email protected] none [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 [preauth]
Feb 23 21:40:49 svr02 sshd[2647]: debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 [preauth]
Feb 23 21:40:51 svr02 sshd[2647]: Connection closed by 75.172.150.140 [preauth]
Feb 23 21:40:51 svr02 sshd[2647]: debug1: do_cleanup [preauth]
Feb 23 21:40:51 svr02 sshd[2647]: debug1: do_cleanup
Feb 23 21:40:51 svr02 sshd[2647]: debug1: Killing privsep child 2648
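I thought it might be something silly like /etc/ssh/ssh_host_rsa_key using the same key because it is a cloned image, but they are different.
To rule out security groups, I temporarily added it to a group that allows all traffic in and out, with no restrictions at all.
Does anyone have any ideas?
Update
So, after I created this post, I walked away for a few hours, and now that I've logged in, the problem has resolved itself... If anyone knows what could have caused this, please let me know in case it happens again.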