我正在尝试在路由器后面设置个人 SSH 服务器,并能够使用我的笔记本电脑连接到它。我已经尝试了几个指南,但到目前为止没有任何效果。我有
- 在我的路由器上启用端口转发,将端口 XXXX 上的所有流量定向到我服务器的端口 22。
- 在我的服务器上启动
sshd守护程序(默认侦听端口 22),并验证我的服务器上的端口 22 已打开。 - 在我的笔记本电脑上使用它
ssh-keygen来生成密钥对,然后通过 USB 将其作为my_key.pub.我在注册机创建过程中将密码字段留空。 - 在服务器上,我
mkdir ~/.ssh和cat my_key.pub >> ~/.ssh/authorized_keys.在笔记本电脑上,我mkdir ~/.ssh将我的私钥移到my_key那里。
我的公共IP是YYY.YYY.YYY.YYY。我的服务器本地IP是192.168.1.73。
当我尝试时, 我发现连接被拒绝,没有其他调试消息。如果没有端口规范,也会发生同样的情况。ssh [email protected] -p XXXX -v
当我尝试时 ,我收到一个密码字段,但没有密码适用于该字段:ssh [email protected] -v
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.73 [192.168.1.73] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1 Debian-1
debug1: match: OpenSSH_7.3p1 Debian-1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.73:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0wIYI/LCJOSgjJMN9uiinKC5GVwNyH7cVf1CeqnAQEs
debug1: Host '192.168.1.73' is known and matches the ECDSA host key.
debug1: Found key in /home/xps/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xps/.ssh/id_rsa
debug1: Trying private key: /home/xps/.ssh/id_dsa
debug1: Trying private key: /home/xps/.ssh/id_ecdsa
debug1: Trying private key: /home/xps/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
在此选项中指定端口会导致另一个连接被拒绝。我对这里出了什么问题感到困惑!
谢谢。
编辑 以下是其余场景的调试信息:
OpenSSH_7.3p1, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to YYY.YYY.YYY.YYY [YYY.YYY.YYY.YYY] port XXXX.
debug1: connect to address YYY.YYY.YYY.YYY port XXXX: Connection refused
ssh: connect to host YYY.YYY.YYY.YYY port XXXX: Connection refused
答案1
根据我的经验,这比你想象的要容易,至少对于我使用 Ubuntu 作为客户端来说是这样。但你需要按照正确的顺序做事。在尝试传输密钥之前,您应该尝试确保可以使用登录名和密码进行连接,这是您的登录信用,不一定是 root。
然后,一旦可以连接,就可以传输密钥:
生成密钥(RSA 或 DSA)
ssh-keygen -t rsa -- or dsa
将密钥传输到远程主机:
ssh-copy-id username@host (your username and the host name or IP)
如果不是标准端口 22:请注意参数周围的引号
ssh-copy-id "username@host -p PortNumber" (substitute number forPortNumber)
我发现设置一个 ddns 帐户来处理外部 IP 地址是最简单的。让事情变得容易多了。
如果你使用 Ubuntu 或类似的东西,你可以找到很好的信息这里。如果没有,或者不起作用,抱歉,但我尝试过。
答案2
有几件事让我尝试:
1)在您的客户端上,协商连接时将使用的默认私钥是~/.ssh/id_rsa 为了指定不同的密钥,您可以像这样指定: ssh -i ~/.ssh/my_key [email protected] -p xxxx
-i 指定要使用的密钥
2) 在服务器上,需要验证authorized_keys该.ssh文件夹的权限是否为准确的。
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
3) 有一个/etc/ssh/sshd_config禁止 root 登录的选项——确保将其关闭:
#PermitRootLogin yes
你想看到 # 哈希符号,这意味着禁止的命令被注释掉了(这样 root 可以登录)
4)如果客户端和服务器在同一个LAN上(简单来说,如果它们都连接到同一个交换机);那么您应该使用私有 IP (192.168.xx) 和端口 22。如果您的客户端位于世界其他地方(麦当劳 WiFi 等),那么您将把您的客户端指向公共 IP 和端口 xxxx。换句话说,如果它们都在同一个 LAN 上,那么路由器根本不起作用!
5) 如果仍然卡住,请检查服务器上的 SSH 日志。 这篇文章是一个很好的指南。 总而言之:
- 如果您的服务器是 Ubuntu 或其变体,请检查
/var/log/auth.log - 如果您的服务器是 CentOS 或其变体,请检查
/var/log/secure
祝你好运,保持联系!