I am trying to connect using ssh to machine2, which runs Ubuntu 19.10, from machine1, which runs Ubuntu 18.04.5. When I try to connect from machine1 using the IP address of machine2, I receive the following message:
[machine1_username]@[machine1_host]:~$ ssh -v [machine2_username]@ip_address
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/[home_directory]/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to [ip_address] [[ip_address]] port 22.
debug1: connect to address [ip_address] port 22: Connection timed out
ssh: connect to host [ip_address]port 22: Connection timed out
When I try to connect to machine2 from machine1 using the hostname, I receive the following message:
ssh: could not resolve hostname [hostname].local: Name or service not known
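Neither command prompts me for a password. The public key has been stored manually in the authorized_keys file in the .ssh directory on machine2, but as I said, I haven't gotten that far.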
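My ufw settings are open on machine1 and machine2 to allow traffic on that port, ssh is installed on both machines, openssh-client is installed on machine1 and openssh-server is installed on machine2. The nmap command on both machines indicates that port 22/tcp is open for ssh connections. I have also verified that machine2 is listening on Port 22.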
sshd_config on the server:
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 22
#AddressFamily any
#ListenAddress
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
LogLevel VERBOSE
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ssh_config on the client:
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
Port 22
# Protocol 2
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected]
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
From the client, machine1:
[machine1_username]@[machine1_host]:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 22/tcp (v6) ALLOW IN Anywhere (v6)
From the server, machine2:
[machine2_username@[machine2_host]:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 22/tcp (v6) ALLOW IN Anywhere (v6)
I have confirmed that I am using the correct IP address and username. Considering they are on the same network, I know I am doing something stupid.
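Answer 1
This has nothing to do with authentication. It looks like a firmware problem. Check sudo dmesg to see whether the connection is dropping...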
Answer 2
Consider your first attempt
When I try to connect from machine1 using the IP address of machine2, I receive the following message:
ssh: connect to host [ip_addr] port 22: Connection Timed out
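This means that machine1 was able to route to ip_addr and attempted to connect. However, the firewall on machine2 has been configured to DROP all inbound connection attempts. You need to relax the restriction to allow connection attempts.
There is a difference between the error messages generated when you try to connect to a client that is not listening for sshd (or whose firewall is set to REJECT incoming connections) and to a host that does not exist (or whose firewall is set to DROP incoming connections):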
ssh: connect to host […] port 22: Connection refused # Host not listening, or REJECT
ssh: connect to host […] port 22: Connection timed out # No host, or DROP
Now consider the second attempt
When I try to connect to machine2 from machine1 using the hostname, I receive the following message:
ssh: could not resolve hostname [hostname].local: Name or service not known
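This tells you that machine1 cannot resolve the name hostname (did you mean machine2?) to an address, so it does not know where to try to connect. Enable Bonjour/Avahi on machine2 so that it can advertise its address to machine1.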
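The failure modes Answer 2 distinguishes (refused, timed out, unresolved) can be told apart without ssh by classifying the error from a single TCP connect. This is an added example, not part of either answer; the function names and the `machine2.invalid` host name are assumptions made for illustration.

```python
import errno
import socket

# Explanations follow the distinctions drawn in Answer 2 (wording is illustrative).
DIAGNOSIS = {
    "open": "port reachable; later failures are SSH-level (keys, sshd_config)",
    "refused": "RST received: nothing listening on the port, or firewall REJECT",
    "timed_out": "no reply at all: host absent or wrong IP, or a firewall DROPs",
    "unresolved": "name lookup failed: fix DNS/mDNS (Avahi) or use the IP",
    "unreachable": "no route to the address, or an ICMP unreachable came back",
}

def classify(exc):
    """Map the exception from a connect attempt to a key of DIAGNOSIS."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):       # getaddrinfo() failed
        return "unresolved"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timed_out"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return "unreachable"
    raise exc                                   # anything else: do not guess

def probe(host, port=22, timeout=3.0):
    """Attempt one TCP connect and return (key, explanation)."""
    exc = None
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass                                # handshake completed
    except OSError as e:
        exc = e
    key = classify(exc)
    return key, DIAGNOSIS[key]

if __name__ == "__main__":
    # Constructed targets: the local sshd port and a reserved .invalid name.
    for target in ("127.0.0.1", "machine2.invalid"):
        print(target, *probe(target, 22, timeout=2.0))
```

Run it from machine1 against the address of machine2: `timed_out` with ufw allowing 22/tcp on both ends points at a wrong address or a filter elsewhere on the path rather than at sshd or key configuration.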