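layout: linux
title: linux1-ssh connection failure
date: 2022-05-27 02:29:32
tags: [linux,ssh]
categories: linux
toc: true
Notes on an SSH connection failure
ssh: Connection reset by peer
Problem description: the connection had been working normally, but after disconnecting, this IP could no longer connect at all. SSH clients on other machines connected fine, and this machine also connected fine after switching to a phone hotspot IP. The error returned was read: Connection reset by peer; details are below.
Solution:
Method 1: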
root@p1:/etc# vim /etc/hosts.allow
sshd: ALL ## allow access from all hosts
Method 2:
root@p1:/etc# cat /etc/hosts.deny
sshd: /etc/sshd.deny.hostguard
sshd: /etc/sshd.bip.hostguard
# just delete these entries
root@p1:/etc# cat /etc/sshd.deny.hostguard
113.110.xx.xx
157.245.61.228
The detailed process is recorded below.
ssh -vvv -i ~/.ssh/pg.pem root@xx.xx.xx.xx
OpenSSH_8.6p1, LibreSSL 2.8.3
debug1: Reading configuration data /Users/pg/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname xx.xx.xx.xx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/pg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/pg/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/pg/.ssh/pg.pem type -1
debug1: identity file /Users/pg/.ssh/pg.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
kex_exchange_identification: read: Connection reset by peer
Connection reset by xx.xx.xx.xx port 22
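The cloud vendor's remote support investigated as follows. There are three hosts, p1, p2 and p3, and only p1 could not be reached; after switching to a phone hotspot IP the connection worked.
Remote operation record: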
129 2022-05-27 00:46:03 root cd /root/.ssh/
130 2022-05-27 00:46:05 root ll
131 2022-05-27 00:49:26 root netstat -an
132 2022-05-27 00:52:33 root cd /var/log/
133 2022-05-27 00:52:34 root ll
134 2022-05-27 00:52:38 root ls
135 2022-05-27 00:53:52 root vim /etc/ssh/sshd_config
136 2022-05-27 00:58:42 root cd /etc/pam.d/
137 2022-05-27 00:58:44 root ll
138 2022-05-27 00:58:53 root vim login
139 2022-05-27 01:00:04 root find / -name deny
140 2022-05-27 01:00:46 root find / -name deny*
141 2022-05-27 01:01:06 root ll
142 2022-05-27 01:01:25 root vim common-account
143 2022-05-27 01:02:05 root vim other
144 2022-05-27 01:02:39 root tail -fn 50 /var/log/btmp
145 2022-05-27 01:03:33 root cd /var/log/
146 2022-05-27 01:03:39 root vim btmp
147 2022-05-27 01:05:18 root vim /etc/ssh/sshd_config
148 2022-05-27 01:08:33 root find / -name deny*
149 2022-05-27 01:09:31 root vim /etc/ssh/sshd_config
150 2022-05-27 01:21:05 root cd /etc/ssh
151 2022-05-27 01:21:06 root ll
152 2022-05-27 01:21:34 root cd sshd_config.d/
153 2022-05-27 01:21:35 root ll
154 2022-05-27 01:21:39 root cd ../
155 2022-05-27 01:21:45 root cd ssh_config.d/
156 2022-05-27 01:21:46 root ll
157 2022-05-27 01:22:11 root vim ssh_config
158 2022-05-27 01:22:14 root ll
159 2022-05-27 01:22:17 root cd ../
160 2022-05-27 01:22:21 root vim ssh_config
161 2022-05-27 01:22:51 root cd /vatlog
162 2022-05-27 01:22:55 root cd /var/log/
163 2022-05-27 01:23:07 root vim btmp
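The result they reported was that this IP was being refused. On the cloud vendor's side the IP was not banned, and there was no fix for the time being. Since the line is China Telecom and the IP changes, and it was very late, the options were to log in through a jump host or to wait for the IP to change and then reconnect.
Afterwards I still felt uneasy about it, so I debugged further; the logs are below.
The server-side packet capture follows: after sshd accepted the client connection, it did not reply.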
root@p1:~# sudo tshark -i eth0 -Y "ip.src==113.110.194.142 or ip.dst==113.110.194.142 and tcp.port==22"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'
802 3.924763382 113.110.194.142 → 192.168.0.8 TCP 78 53166 → 22 [SYN] Seq=0 Win=65535 Len=0 MSS=1440 WS=64 TSval=277212638 TSecr=0 SACK_PERM=1
803 3.924826040 192.168.0.8 → 113.110.194.142 TCP 74 22 → 53166 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=2978239893 TSecr=277212638 WS=128
804 3.934588780 113.110.194.142 → 192.168.0.8 TCP 66 53166 → 22 [ACK] Seq=1 Ack=1 Win=131328 Len=0 TSval=277212648 TSecr=2978239893
805 3.935301869 113.110.194.142 → 192.168.0.8 SSH 87 Client: Protocol (SSH-2.0-OpenSSH_8.6)
806 3.935333653 192.168.0.8 → 113.110.194.142 TCP 66 22 → 53166 [ACK] Seq=1 Ack=22 Win=65152 Len=0 TSval=2978239904 TSecr=277212648
2021 8.942078038 192.168.0.8 → 113.110.194.142 TCP 66 22 → 53166 [RST, ACK] Seq=1 Ack=22 Win=65152 Len=0 TSval=2978244911 TSecr=277212648
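We can see that the traffic reached the corresponding process normally, and the client-side capture showed the Connection reset. Checking the login log gives the following. We can also see that at line 139 the cloud vendor mistyped the command and therefore never saw this file.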
cat /var/log/auth.log | grep xx.xx.xx.xx
May 27 02:01:02 p1 sshd[3324891]: refused connect from xx.xx.xx.xx (xx.xx.xx.xx)
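The "refused connect from" line above is the TCP wrappers (hosts.allow / hosts.deny) refusal message. The following added example, which is not part of the original post, reports which hosts.deny entry matches a client address so that only that entry needs to be removed. The names find_deny_source and demo are hypothetical, and the sample addresses and files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report which hosts.deny entry
# refuses a client IP for sshd. Handles exact addresses, ALL, and "/path"
# patterns (a file with one address per line, like the hostguard lists above).
# Wildcard, netmask, hostname and bracketed IPv6 patterns are not handled.

find_deny_source() {   # hypothetical helper name
    ip="$1"
    deny_file="${2:-/etc/hosts.deny}"
    # Drop comments, then split each rule "daemons : clients [: command]".
    sed 's/#.*//' "$deny_file" | while IFS=: read -r daemons clients _rest; do
        set -f   # no globbing while word-splitting (in sh/bash this loop is a subshell)
        case " $(printf '%s' "$daemons" | tr ',' ' ') " in
            *" sshd "*|*" ALL "*) ;;      # rule applies to sshd
            *) continue ;;
        esac
        for pat in $(printf '%s' "$clients" | tr ',' ' '); do
            case "$pat" in
                /*) # pattern names a file of addresses
                    if [ -r "$pat" ] && grep -qxF -- "$ip" "$pat"; then
                        echo "$pat"
                    fi ;;
                ALL|"$ip") echo "$deny_file" ;;
            esac
        done
    done
    return 0
}

# Constructed sample data in a temp dir (documentation-range addresses),
# laid out like the hosts.deny and hostguard files shown on this page.
demo() {
    d="$(mktemp -d)"
    printf '%s\n' 198.51.100.23 203.0.113.7 > "$d/sshd.deny.hostguard"
    printf '%s\n' 192.0.2.99 > "$d/sshd.bip.hostguard"
    printf 'sshd: %s\nsshd: %s\n' \
        "$d/sshd.deny.hostguard" "$d/sshd.bip.hostguard" > "$d/hosts.deny"
    find_deny_source 203.0.113.7 "$d/hosts.deny" | sed "s|^$d/||"
    rm -rf "$d"
}

demo   # prints the name of the list file that contains the address
```

On a real host, calling find_deny_source with only the client address reads /etc/hosts.deny; empty output means none of the handled pattern types matched.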