我有一个Ubuntu的盒子,我使用avahi连接到。 连接到那个盒子对所有的服务都可以正常工作(我经常使用AFP,SSH和SMB),但是我注意到每当我使用SSH连接到它时(使用avahi提供的“.local”dns名称- 例如ssh <servername>.local )SSH尝试使用ipv6连接,由于某种原因超时(两分钟后),然后尝试立即连接的ipv4。
我想避免这种超时,因为它真的很烦人,我和其他用户 – 如果SSH首先尝试ipv4或如果通过ipv6 ssh工作,那么这将解决问题。 但到目前为止,我一直无法工作(我已经pipe理的最好的是指定-4选项来SSH以阻止它尝试ipv6)。
我使用Ubuntu 10.04。 任何解决scheme必须在服务器上(而不是客户端),因为有多个客户端连接。 一个可能的复杂性可能是我的局域网设置为只允许链接本地ipv6地址,但我有其他服务器(使用Mac OS),我可以使用ipv6 SSH进入)
我怀疑这个问题可以通过阻止avahi广播ipv6地址,或者通过启用ssh over ipv6来解决,但是据我所知,avahi已经configuration为不广播ipv6地址,并且sshd被configuration为允许ipv6连接!
这里是我的/etc/avahi/avahi-daemon.conf (我不认为我已经改变了Ubuntu的默认设置)
[server] #host-name=foo #domain-name=local #browse-domains=0pointer.de, zeroconf.org use-ipv4=yes use-ipv6=no #allow-interfaces=eth0 #deny-interfaces=eth1 #check-response-ttl=no #use-iff-running=no #enable-dbus=yes #disallow-other-stacks=no #allow-point-to-point=no [wide-area] enable-wide-area=yes [publish] #disable-publishing=no #disable-user-service-publishing=no #add-service-cookie=no #publish-addresses=yes #publish-hinfo=yes #publish-workstation=yes #publish-domain=yes #publish-dns-servers=192.168.50.1, 192.168.50.2 #publish-resolv-conf-dns-servers=yes #publish-aaaa-on-ipv4=yes #publish-a-on-ipv6=no [reflector] #enable-reflector=no #reflect-ipv=no [rlimits] #rlimit-as= rlimit-core=0 rlimit-data=4194304 rlimit-fsize=0 rlimit-nofile=300 rlimit-stack=4194304 rlimit-nproc=3
这里是我的sshd_config(主要更新为只允许pub /私钥):
# What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 180 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication no AllowGroups sshusers # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes
有没有人有任何想法,我可以尝试,或经历过类似的事情?