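I can't connect over ssh to one of my data center nodes using my user on my MacBook. This is a recent problem; it was fully functional until a few weeks ago.
The strange thing is that this only affects my user on my computer, whereas I can establish the connection from:
> Other users on the same computer, using the same ssh key, without any .ssh/config rules.
> Different servers running macOS or Ubuntu, with the same or different ssh keys.
Using my user and the same key on my computer, I can:
> Connect to the gateway host
> Connect directly to the node using a VPN (unfortunately, that is not a long-term solution)
I'm quite puzzled by this error. Can you help me find the problem?
Looking at the logs, the connection to the gateway is established, but something fails when connecting to the node. On the client side: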
    ⌘ ~ ❯ ssh -v -J gatekeeper@gateway ubuntu@node -i ~/.ssh/id_rsa
    OpenSSH_7.3p1,LibreSSL 2.4.1
    [...]
    debug1: Authentication succeeded (publickey).
    Authenticated to gateway ([35.156.248.245]:22).
    debug1: channel_connect_stdio_fwd node:22
    debug1: channel 0: new [stdio-forward]
    debug1: getpeername Failed: Bad file descriptor
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
    channel 0: open Failed: connect Failed: Connection timed out
    stdio forwarding Failed
    ssh_exchange_identification: Connection closed by remote host
On the gateway side:
    admin@gateway:~$ grep -e "\[7669\]" -e "\[7739\]" /var/log/auth.log
    Mar 13 11:01:20 gateway sshd[7669]: Set /proc/self/oom_score_adj to 0
    Mar 13 11:01:20 gateway sshd[7669]: rexec line 32: Deprecated option PermitBlacklistedKeys
    Mar 13 11:01:20 gateway sshd[7669]: Connection from <laptop-out-ip> port 62113 on <gateway-ip> port 22
    Mar 13 11:01:20 gateway sshd[7669]: Postponed publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2 [preauth]
    Mar 13 11:01:20 gateway sshd[7669]: Accepted publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2: RSA 8d:7e:9c:53:11:c9:4d:b3:67:7b:ae:04:03:8f:e2:71
    Mar 13 11:01:20 gateway sshd[7669]: pam_unix(sshd:session): session opened for user gatekeeper by (uid=0)
    Mar 13 11:01:20 gateway sshd[7669]: User child is on pid 7739
    Mar 13 11:03:27 gateway sshd[7739]: error: connect_to <node-ip> port 22: Failed.
    Mar 13 11:03:28 gateway sshd[7739]: Connection closed by <laptop-out-ip>
    Mar 13 11:03:28 gateway sshd[7739]: Transferred: sent 2252,received 2864 bytes
    Mar 13 11:03:28 gateway sshd[7739]: Closing connection to <laptop-out-ip> port 62113
    Mar 13 11:03:28 gateway sshd[7669]: pam_unix(sshd:session): session closed for user gatekeeper
On the node side, there are no entries in the logs.
The gateway's sshd_config:
    # ssh service configuration
    AcceptEnv
    AddressFamily inet
    AllowAgentForwarding yes
    AllowGroups
    AllowTcpForwarding no
    AllowUsers gatekeeper
    AuthorizedKeysFile %h/.ssh/authorized_keys
    ChallengeResponseAuthentication no
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    ClientAliveCountMax 3
    ClientAliveInterval 15
    Compression delayed
    DenyGroups
    DenyUsers
    GSSAPIAuthentication no
    GatewayPorts no
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostbasedAuthentication no
    KerberosAuthentication no
    ListenAddress 0.0.0.0:22
    LogLevel VERBOSE
    LoginGraceTime 60
    MaxAuthTries 6
    MaxSessions 10
    MaxStartups 30
    PasswordAuthentication no
    PermitBlacklistedKeys no
    PermitRootLogin no
    PermitTunnel no
    PermitUserEnvironment no
    PidFile /var/run/sshd.pid
    PrintLastLog yes
    PrintMotd no
    Protocol 2
    PubkeyAuthentication yes
    RSAAuthentication no
    RhostsRSAAuthentication no
    StrictModes yes
    SyslogFacility AUTH
    TCPKeepAlive yes
    UseDNS no
    UseLogin no
    UsePAM yes
    UsePrivilegeSeparation yes
    X11Forwarding no
    Match User gatekeeper
      AllowTcpForwarding yes
      AllowAgentForwarding no
      X11Forwarding no
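    error: connect_to <node-ip> port 22: Failed.

This looks like the PermitOpen option in sshd_config disabling or restricting port forwarding. Make sure it is allowed, and if not, please post the sshd_config from the gateway.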
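
One way to carry out the check suggested in the answer, as an added example that is not part of the original thread or of OpenSSH: a small Python resolver for the `AllowTcpForwarding` and `PermitOpen` values that a gateway's sshd_config applies to the jump user, both of which `ssh -J` depends on. The sample config is a constructed excerpt of the one posted in the question, the function names are hypothetical, and only `Match all` and a lone `Match User` criterion are evaluated.

```python
import fnmatch

# Constructed sample: forwarding-related lines of the gateway config in the question.
SAMPLE_CONFIG = """\
AllowTcpForwarding no
Match User gatekeeper
    AllowTcpForwarding yes
    AllowAgentForwarding no
"""
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}  # sshd_config(5) defaults

def user_matches(patterns, user):
    """Comma-separated pattern list; a matching '!' pattern vetoes the match."""
    hit = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            hit = True
    return hit

def effective_forwarding(config_text, user):
    """Resolve AllowTcpForwarding and PermitOpen as they apply to `user`."""
    global_vals, match_vals = {}, {}
    target, active = global_vals, True
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            name = crit[0].lower() if crit else ""
            # Simplification: only "Match all" and a lone "Match User <patterns>".
            active = name == "all" or (name == "user" and len(crit) == 2
                                       and user_matches(crit[1], user))
            target = match_vals
        elif active and key in DEFAULTS:
            target.setdefault(key, value)  # first value obtained wins
    # Match-block values override the global section; defaults fill the gaps.
    return {**DEFAULTS, **global_vals, **match_vals}

def jump_permitted(config_text, user, dest):
    """True if `ssh -J` through this gateway may open a channel to dest ("host:port")."""
    eff = effective_forwarding(config_text, user)
    opens = eff["permitopen"].split()
    return (eff["allowtcpforwarding"] in ("yes", "all", "local")
            and ("any" in opens or dest in opens))  # exact match only, no wildcards
```

On a live gateway, sshd's extended test mode (`sshd -T` with a `-C` connection spec) prints the values sshd itself resolves, including every Match criterion this sketch skips.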