Linux
為什麼 SSHD 掛在“伺服器接受密鑰”
一年來,我一直在使用公鑰身份驗證毫無問題地 ssh 到這個盒子。
沒有對客戶端或伺服器的 ssh 配置進行任何更改。現在,ssh 連接永遠不會完成或失敗,它們只是掛起。以下是嘗試連接時的調試輸出:
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 debug1: Reading configuration data /home/jivan/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to <host> [<ip>] port <port>. debug1: Connection established. debug1: identity file .ssh/id_rsa.pub type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file .ssh/id_rsa.pub-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH_5* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 81:63:05:0c:39:6b:77:d7:a2:25:93:30:80:f1:ba:0e debug1: Host '[<host>]:<port>' is known and matches the ECDSA host key. debug1: Found key in /home/jivan/.ssh/known_hosts:39 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: .ssh/id_rsa.pub debug1: Server accepts key: pkalg ssh-rsa blen 279
伺服器日誌:
Feb 24 12:02:38 balance sshd[5734]: debug1: Forked child 6745. Feb 24 12:02:38 balance sshd[6745]: Set /proc/self/oom_score_adj to 0 Feb 24 12:02:38 balance sshd[6745]: debug1: rexec start in 5 out 5 newsock 5 pip e 7 sock 8 Feb 24 12:02:38 balance sshd[6745]: debug1: inetd sockets after dupping: 3, 3 Feb 24 12:02:38 balance sshd[6745]: Connection from 207.204.228.55 port 57967 Feb 24 12:02:38 balance sshd[6745]: debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-3ubuntu1 Feb 24 12:02:38 balance sshd[6745]: debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH* Feb 24 12:02:38 balance sshd[6745]: debug1: Enabling compatibility mode for prot ocol 2.0 Feb 24 12:02:38 balance sshd[6745]: debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 Feb 24 12:02:39 balance sshd[6745]: debug1: PAM: initializing for "jivan" Feb 24 12:02:39 balance sshd[6745]: debug1: PAM: setting PAM_RHOST to "207.204.228.55" Feb 24 12:02:39 balance sshd[6745]: debug1: PAM: setting PAM_TTY to "ssh" Feb 24 12:02:40 balance sshd[6745]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 Feb 24 12:02:40 balance sshd[6745]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 Feb 24 12:02:40 balance sshd[6745]: debug1: temporarily_use_uid: 1000/1000 (e=0/0) Feb 24 12:02:40 balance sshd[6745]: debug1: trying public key file /home/jivan/.ssh/authorized_keys Feb 24 12:02:40 balance sshd[6745]: debug1: fd 4 clearing O_NONBLOCK Feb 24 12:02:40 balance sshd[6745]: debug1: matching key found: file /home/jivan/.ssh/authorized_keys, line 1 Feb 24 12:02:40 balance sshd[6745]: Found matching RSA key: 5f:8c:76:ad:48:6a:f5:73:03:6a:36:13:c0:ea:3b:45 Feb 24 12:02:40 balance sshd[6745]: debug1: restore_uid: 0/0
任何想法可能是什麼問題?
更新:問題像開始一樣神秘地停止了。仍然對可能導致這種情況的任何見解感興趣。
這通常是由反向 DNS 的問題引起的;前一周剛剛在我的一台舊伺服器上發生了這種情況。您呼叫 是正確的
sshd -d
,但反向 DNS 問題不會真正變得明顯,除非您使用它sshd -ddd
來執行它,以便您看到 debug3 的輸出。雖然反向 DNS 問題並不總是會導致備份如此糟糕,但如果與連接嘗試相關的足夠多的 DNS 查找失敗(即所有 DNS 伺服器完全不可用,或者足夠多的相關區域/反向區域超時),在某些配置下,完全鎖定
ssh
對系統的訪問就足夠了。如果伺服器不耐煩並斷開連接,您將客戶端超時設置多高都沒有關係。