SSH:В соединении отказано
Соединение SSH работало правильно, но сегодня к сожалению, оно остановилось.
У меня было много попыток решить его.
linux@mylinux:~ $ ssh root@XX.XX.XXX.XXX
ssh: соединитесь с портом XX.XX.XXX.XXX хоста 22:В соединении отказаноlinux@mylinux:~ $ ssh root@XX.XX.XXX.XXX-p 8787
ssh: соединитесь с портом XX.XX.XXX.XXX хоста 8787:В соединении отказано
>>>linux@mylinux:~$ ssh root@XX.XX.XXX.XXX -vvv
OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "XX.XX.XXX.XXX" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to XX.XX.XXX.XXX [XX.XX.XXX.XXX] port 22.
debug1: connect to address XX.XX.XXX.XXX port 22: Connection refused
ssh: connect to host XX.XX.XXX.XXX port 22: Connection refused
ssh - status
>● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-11-18 15:42:28 IST; 31min ago
Main PID: 6940 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─6940 /usr/sbin/sshd -D
Кроме того, я удалил openssh-sever и переустановленный это, но это не может успешно выполниться.
Когда я пытаюсь соединиться через localhost затем, он имеет успех, но на удаленном сайте ему отказывают.
Но я все еще не могу успешно выполниться.
Почему моему соединению SSH отказывают?
cat /etc/ssh/sshd_config
Host *
*# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
*# This is the sshd server system-wide configuration file. See
*# sshd_config(5) for more information.
*# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
*# The strategy used for options in the default sshd_config shipped with
*# OpenSSH is to specify options with their default value where
*# possible, but leave them commented. Uncommented options override the
*# default value.
*#Port 22
*#AddressFamily any
*#ListenAddress 0.0.0.0
*#ListenAddress ::
*#HostKey /etc/ssh/ssh_host_rsa_key
*#HostKey /etc/ssh/ssh_host_ecdsa_key
*#HostKey /etc/ssh/ssh_host_ed25519_key
*# Ciphers and keying
*#RekeyLimit default none
*# Logging
*#SyslogFacility AUTH
*#LogLevel INFO
*# Authentication:
*#LoginGraceTime 2m
*#PermitRootLogin prohibit-password
*#StrictModes yes
*#MaxAuthTries 6
*#MaxSessions 10
*#PubkeyAuthentication yes
*# Expect .ssh/authorized_keys2 to be disregarded by default in future.
*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
*#AuthorizedPrincipalsFile none
*#AuthorizedKeysCommand none
*#AuthorizedKeysCommandUser nobody
*# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
*#HostbasedAuthentication no
*# Change to yes if you don't trust ~/.ssh/known_hosts for
*# HostbasedAuthentication
*#IgnoreUserKnownHosts no
*# Don't read the user's ~/.rhosts and ~/.shosts files
*#IgnoreRhosts yes
*# To disable tunneled clear text passwords, change to no here!
*#PasswordAuthentication yes
*#PermitEmptyPasswords no
*# Change to yes to enable challenge-response passwords (beware issues with
*# some PAM modules and threads)
ChallengeResponseAuthentication no
*# Kerberos options
*#KerberosAuthentication no
*#KerberosOrLocalPasswd yes
*#KerberosTicketCleanup yes
*#KerberosGetAFSToken no
*# GSSAPI options
*#GSSAPIAuthentication no
*#GSSAPICleanupCredentials yes
*#GSSAPIStrictAcceptorCheck yes
*#GSSAPIKeyExchange no
*# Set this to 'yes' to enable PAM authentication, account processing,
*# and session processing. If this is enabled, PAM authentication will
*# be allowed through the ChallengeResponseAuthentication and
*# PasswordAuthentication. Depending on your PAM configuration,
*# PAM authentication via ChallengeResponseAuthentication may bypass
*# the setting of "PermitRootLogin without-password".
*# If you just want the PAM account and session checks to run without
*# PAM authentication, then enable this but set PasswordAuthentication
*# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
*#AllowAgentForwarding yes
*#AllowTcpForwarding yes
*#GatewayPorts no
X11Forwarding yes
*#X11DisplayOffset 10
*#X11UseLocalhost yes
*#PermitTTY yes
PrintMotd no
*#PrintLastLog yes
*#TCPKeepAlive yes
*#UseLogin no
*#UsePrivilegeSeparation sandbox
*#PermitUserEnvironment no
*#Compression delayed
*#ClientAliveInterval 0
*#ClientAliveCountMax 3
*#UseDNS no
*#PidFile /var/run/sshd.pid
*#MaxStartups 10:30:100
*#PermitTunnel no
*#ChrootDirectory none
*#VersionAddendum none
*# no default banner path
*#Banner none
*# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
*# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
*# Example of overriding settings on a per-user basis
*#Match User anoncvs
*# X11Forwarding no
*# AllowTcpForwarding no
*# PermitTTY no
*# ForceCommand cvs server
Здесь
sudo netstat-tlpena | grep-i "ssh"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 25237 1260/sshd
tcp6 0 0 :::22 :::* LISTEN 0 25239 1260/sshd
И
sudo iptables-S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
1
задан Peter Mortensen
14 April 2018 в 10:52
поделиться
1 ответ
Отредактируйте конфигурацию sshd с помощью:
Port 22
PermitRootLogin yes
и перезапустите службу sshd. Кроме того, не знаете, почему ваши строки начинаются с *, это проблема форматирования? Если в sshd есть *, пожалуйста, сделайте sed -i 's/^*//g' /etc/ssh/sshd_config
0
ответ дан fugitive
14 April 2018 в 10:52
поделиться