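I can't connect through ssh to a data center node with my user on my MacBook. This is a recent problem; it worked perfectly until a few weeks ago.
The strange thing is that this only affects my user on my computer, but I can establish the connection:
Using my user name and the same key on my computer, I can:
I am puzzled by this error. Can you help me find the problem?
Looking at the logs, the connection to the gateway is established, but it fails when connecting to the node. On the client side: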
    ⌘ ~ ❯ ssh -v -J gatekeeper@gateway ubuntu@node -i ~/.ssh/id_rsa
    OpenSSH_7.3p1, LibreSSL 2.4.1
    [...]
    debug1: Authentication succeeded (publickey).
    Authenticated to gateway ([35.156.248.245]:22).
    debug1: channel_connect_stdio_fwd node:22
    debug1: channel 0: new [stdio-forward]
    debug1: getpeername failed: Bad file descriptor
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    debug1: client_input_global_request: rtype [email protected] want_reply 1
    channel 0: open failed: connect failed: Connection timed out
    stdio forwarding failed
    ssh_exchange_identification: Connection closed by remote host
On the gateway side:
    admin@gateway:~$ grep -e "\[7669\]" -e "\[7739\]" /var/log/auth.log
    Mar 13 11:01:20 gateway sshd[7669]: Set /proc/self/oom_score_adj to 0
    Mar 13 11:01:20 gateway sshd[7669]: rexec line 32: Deprecated option PermitBlacklistedKeys
    Mar 13 11:01:20 gateway sshd[7669]: Connection from <laptop-out-ip> port 62113 on <gateway-ip> port 22
    Mar 13 11:01:20 gateway sshd[7669]: Postponed publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2 [preauth]
    Mar 13 11:01:20 gateway sshd[7669]: Accepted publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2: RSA 8d:7e:9c:53:11:c9:4d:b3:67:7b:ae:04:03:8f:e2:71
    Mar 13 11:01:20 gateway sshd[7669]: pam_unix(sshd:session): session opened for user gatekeeper by (uid=0)
    Mar 13 11:01:20 gateway sshd[7669]: User child is on pid 7739
    Mar 13 11:03:27 gateway sshd[7739]: error: connect_to <node-ip> port 22: failed.
    Mar 13 11:03:28 gateway sshd[7739]: Connection closed by <laptop-out-ip>
    Mar 13 11:03:28 gateway sshd[7739]: Transferred: sent 2252, received 2864 bytes
    Mar 13 11:03:28 gateway sshd[7739]: Closing connection to <laptop-out-ip> port 62113
    Mar 13 11:03:28 gateway sshd[7669]: pam_unix(sshd:session): session closed for user gatekeeper
On the node side, there are no entries in the log.
The gateway's sshd_config:
    # ssh service configuration
    AcceptEnv
    AddressFamily inet
    AllowAgentForwarding yes
    AllowGroups
    AllowTcpForwarding no
    AllowUsers gatekeeper
    AuthorizedKeysFile %h/.ssh/authorized_keys
    ChallengeResponseAuthentication no
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    ClientAliveCountMax 3
    ClientAliveInterval 15
    Compression delayed
    DenyGroups
    DenyUsers
    GSSAPIAuthentication no
    GatewayPorts no
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostbasedAuthentication no
    KerberosAuthentication no
    ListenAddress 0.0.0.0:22
    LogLevel VERBOSE
    LoginGraceTime 60
    MaxAuthTries 6
    MaxSessions 10
    MaxStartups 30
    PasswordAuthentication no
    PermitBlacklistedKeys no
    PermitRootLogin no
    PermitTunnel no
    PermitUserEnvironment no
    PidFile /var/run/sshd.pid
    PrintLastLog yes
    PrintMotd no
    Protocol 2
    PubkeyAuthentication yes
    RSAAuthentication no
    RhostsRSAAuthentication no
    StrictModes yes
    SyslogFacility AUTH
    TCPKeepAlive yes
    UseDNS no
    UseLogin no
    UsePAM yes
    UsePrivilegeSeparation yes
    X11Forwarding no
    Match User gatekeeper
        AllowTcpForwarding yes
        AllowAgentForwarding no
        X11Forwarding no
error: connect_to <node-ip> port 22: failed.
This looks like the PermitOpen option is disabled or restricted in the sshd config. Make sure it is allowed, and if it is not, please post the sshd_config from the gateway.
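The check suggested above, as an added example that is not part of the original answers: a simplified resolver that applies `Match` overrides to the forwarding-related lines of the gateway config and reports whether a jump to a destination would be permitted. It assumes only `Match User` / `Match all` criteria and exact `host:port` PermitOpen entries; the function names `effective` and `jump_allowed` are hypothetical.

```python
import fnmatch

# Constructed sample: the forwarding-related lines of the gateway config above.
SAMPLE = """\
AllowAgentForwarding yes
AllowTcpForwarding no
AllowUsers gatekeeper
X11Forwarding no
Match User gatekeeper
    AllowTcpForwarding yes
    AllowAgentForwarding no
    X11Forwarding no
"""

# OpenSSH defaults for the two keywords that decide whether -J can work.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}


def effective(config, user):
    """Return the settings that apply to `user` (simplified model of sshd)."""
    global_opts, match_opts = {}, {}
    in_match, applies = False, True
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            words = value.split()
            crit = words[0].lower() if words else ""
            pats = words[1].split(",") if len(words) > 1 else []
            applies = crit == "all" or (
                crit == "user" and any(fnmatch.fnmatch(user, p) for p in pats))
            continue
        if in_match and not applies:
            continue  # line belongs to a Match block for someone else
        # Within each scope the first value seen for a keyword wins.
        (match_opts if in_match else global_opts).setdefault(key, value)
    # Matching Match blocks override the global section.
    return {**DEFAULTS, **global_opts, **match_opts}


def jump_allowed(config, user, dest):
    """True if `user` may open a forwarded channel to dest ("host:port")."""
    opts = effective(config, user)
    if opts["allowtcpforwarding"] not in ("yes", "all", "local"):
        return False
    allowed = opts["permitopen"].split()
    return "any" in allowed or dest in allowed
```

On a live gateway, `sshd -T -C user=gatekeeper` prints the configuration that sshd itself resolves for that user.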
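I can connect using the same MacBook with a different user, using the same command, keys, etc.
Maybe you need to run this for the new user (in your home directory):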
    ssh-keygen -t rsa
    ssh-copy-id -i .ssh/id_rsa.pub gatekeeper@gateway
    ssh-copy-id -i .ssh/id_rsa.pub ubuntu@node
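Finally, I have been able to find the root cause of the problem. I can make the problem go away by not sourcing the iTerm2 shell integration, or just by updating it to the latest version. This may be related to using the fish shell.
I have not dug deeper into the issue; if anyone is interested, please let me know.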