我有一个Debian 8服务器,但自从几天前,我的服务器提供商告诉我SSh被禁用,但它仍然ping,并启用HTTP / HTTPS。 我必须补充说,我是这个服务器世界的新手,我知道的基本知识,但没有其他的东西
我记得最后一件事情是sshd_config文件,但是我把所有的东西都放回原来的位置(双重检查了另一个我没有碰到的服务器)
所以,当我把我的服务器进入救援模式,我就这样做了
grep 'sshd' /var/log/auth.log 我得到以下内容:
Aug 17 12:23:44 vpsxxxxxx sshd[7974]: pam_unix(sshd:session): session opened for user root by (uid=0) Aug 17 12:23:44 vpsxxxxxx sshd[7974]: Received disconnect from yy.yy.yy.yy: 11: disconnected by user Aug 17 12:23:44 vpsxxxxxx sshd[7974]: pam_unix(sshd:session): session closed for user root Aug 17 12:26:28 vpsxxxxxx sshd[7979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key Aug 17 12:26:28 vpsxxxxxx sshd[7979]: Connection closed by xx.xx.xx.xx [preauth] Aug 17 12:26:52 vpsxxxxxx sshd[7981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key Aug 17 12:26:58 vpsxxxxxx sshd[7981]: Accepted password for root from xx.xx.xx.xx port 65429 ssh2 Aug 17 12:26:58 vpsxxxxxx sshd[7981]: pam_unix(sshd:session): session opened for user root by (uid=0)
我见过也许有超过2个解决scheme,我尝试:运行ssh-keygen -A ,purgin openssh-server并重新安装它,但没有任何工作:关于加载失败相同的密钥相同的错误不断显示,我的连接是当我尝试login时仍然被拒绝。
我还有什么可以尝试?
编辑
这里是ssh -v root@vpsxxxxxx的输出:
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to vps308451.ovh.net [137.74.194.226] port 22. debug1: connect to address 137.74.194.226 port 22: Connection refused ssh: connect to host vps308451.ovh.net port 22: Connection refused
请不要告诉我这是一个语法/人为错误…
EDIT2
完全忘记了其他两个问题,对此抱歉
我在我的sshd_config文件中有HostKey /etc/ssh/ssh_host_ed25519_key行,并且/ etc / ssh /目录的ls -la输出以下内容:
drwxr-xr-x 2 root root 4096 Aug 17 13:44 . drwxr-xr-x 88 root root 4096 Aug 17 13:28 .. -rw-r--r-- 1 root root 242091 Jul 22 2016 moduli -rw-r--r-- 1 root root 1704 Aug 17 13:27 ssh_config -rw-r--r-- 1 root root 2528 Jun 20 08:29 sshd_config -rw------- 1 root root 672 Aug 17 13:27 ssh_host_dsa_key -rw-r--r-- 1 root root 604 Aug 17 13:27 ssh_host_dsa_key.pub -rw------- 1 root root 227 Aug 17 13:27 ssh_host_ecdsa_key -rw-r--r-- 1 root root 176 Aug 17 13:27 ssh_host_ecdsa_key.pub -rw------- 1 root root 411 Aug 17 13:44 ssh_host_ed25519_key -rw-r--r-- 1 root root 97 Aug 17 13:44 ssh_host_ed25519_key.pub -rw------- 1 root root 980 Aug 17 13:44 ssh_host_key -rw-r--r-- 1 root root 645 Aug 17 13:44 ssh_host_key.pub -rw------- 1 root root 1675 Aug 17 13:27 ssh_host_rsa_key -rw-r--r-- 1 root root 396 Aug 17 13:27 ssh_host_rsa_key.pub
我不得不报告一些东西,当我去文件夹做'ls -la'时,ssh_host_ed25519_key文件不在那儿(我用keygen-ssh -A重新创build了这个文件,但是我几个小时前就已经试过了,它没有工作)
至于权限,如果输出是好还是不好,我都不知道
EDIT2
root@rescue-pro:/etc/ssh# ps -auwx | grep ssh root 868 0.0 0.2 55184 5460 ? Ss 13:27 0:00 /usr/sbin/sshd -D root 7982 0.0 0.2 82680 5860 ? Ss 13:33 0:00 sshd: root@pts/0 root 8009 0.0 0.1 13208 2160 pts/0 S+ 13:55 0:00 grep ssh
编辑3
root@rescue-pro:/home# netstat -lntp | grep sshd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 868/sshd tcp6 0 0 :::22 :::* LISTEN 868/sshd
编辑4:sshd_config文件
# Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 1024 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes
格式化/重新安装之前,你们是我最后的希望
您可能必须发布sshd_config文件的内容。 你是否也将密钥复制到用户帐户目录中?