今天我意识到一件很奇怪的事:
我的本地网络中有一台服务器(运行Ubuntu Server 12.04.4 LTS),其SSH端口可通过互联网访问(我可以使用它连接到它) ssh my.internet.ip.address )。
但是,我今天才意识到我无法在本地网络中连接它( ssh its.local.ip.address 失败没有错误)。
我检查了 /etc/hosts.deny 并明确地添加了我的电脑 /etc/hosts.allow,但这没有改变任何事情。当然,我也试过重启ssh和整个服务器。没有新的更新。
本地连接失败:
myself@my-desktop ~ $ ssh -v its.local.ip.address
OpenSSH_6.2p2 Ubuntu-6ubuntu0.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to its.local.ip.address [its.local.ip.address] port 22.
debug1: Connection established.
debug1: identity file /home/myself/.ssh/id_rsa type -1
debug1: identity file /home/myself/.ssh/id_rsa-cert type -1
debug1: identity file /home/myself/.ssh/id_dsa type -1
debug1: identity file /home/myself/.ssh/id_dsa-cert type -1
debug1: identity file /home/myself/.ssh/id_ecdsa type -1
debug1: identity file /home/myself/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by its.local.ip.address
myself@my-desktop ~ $
但是,远程连接工作:
myself@my-desktop ~ $ ssh -v my.internet.ip.address
OpenSSH_6.2p2 Ubuntu-6ubuntu0.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to my.internet.ip.address [my.internet.ip.address] port 22.
debug1: Connection established.
debug1: identity file /home/myself/.ssh/id_rsa type -1
debug1: identity file /home/myself/.ssh/id_rsa-cert type -1
debug1: identity file /home/myself/.ssh/id_dsa type -1
debug1: identity file /home/myself/.ssh/id_dsa-cert type -1
debug1: identity file /home/myself/.ssh/id_ecdsa type -1
debug1: identity file /home/myself/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA [... hidden here ...]
debug1: Host 'my.internet.ip.address' is known and matches the ECDSA host key.
debug1: Found key in /home/myself/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
myself@my.internet.ip.address's password:
[ ... everything works just fine ... ]
造成这个问题的原因是什么,更重要的是如何解决?
注意:增加冗长度( ssh -vvv )在两个输出都不同的点上没有显示任何东西。
我调查了一下
—
MrD
/var/log/auth.log 但那里没有提到我不成功的连接尝试。我没有钥匙 its.local.ip.address 在 ~/.ssh/known_hosts。
你尝试过ping或trace路线吗?也许尝试像http这样的其他协议。您还可以在备用端口上运行sshd以排除流量过滤。
—
chuck
ping, http 和 samba 工作正常(但是, http 很慢?...)。 traceroute 说我用第一跳达到目标。 iptables 没有做任何奇怪的事情(只是标准设置),并且没有安装其他防火墙。我不能尝试更改ssh端口,因为服务器被很多人使用(这就是为什么它可以从互联网上访问)。
你知道为什么吗?
—
trogper
its.local.ip.address在〜/ .ssh / known_hosts?