Question

我正在尝试通过ssh访问远程服务器。我无法通过CLI中的ssh命令执行此操作，但使用相同的凭据我可以通过putty ssh访问。

我正在使用ubuntu 12.04。我无法访问ssh服务器，因此无法更改sshd配置文件。

可以通过ssh CLI命令从其他计算机访问ssh服务器，但是从我的mashine这不起作用。凭证是正确的，因为我可以通过putty连接，当我输入密码时，我没有从服务器收到任何消息。它只是紧密联系。

用于通过CLI中的ssh进行连接的

命令是：

ssh -vv someuser@somehost.com

这是输出：

OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to somehost.com [53.52.81.241] port 22.
debug1: Connection established.
debug1: identity file /home/djuki/.ssh/id_rsa type -1
debug1: identity file /home/djuki/.ssh/id_rsa-cert type -1
debug1: identity file /home/djuki/.ssh/id_dsa type -1
debug1: identity file /home/djuki/.ssh/id_dsa-cert type -1
debug1: identity file /home/djuki/.ssh/id_ecdsa type -1
debug1: identity file /home/djuki/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-                  nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-    hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-     v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-    sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 514/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA e5:55:0d:1a:0e:2e:c5:03:db:05:c3:85:af:cf:bd:cd
debug1: Host 'somehost.com' is known and matches the RSA host key.
debug1: Found key in /home/djuki/.ssh/known_hosts:1
debug2: bits set: 499/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/djuki/.ssh/id_rsa ((nil))
debug2: key: /home/djuki/.ssh/id_dsa ((nil))
debug2: key: /home/djuki/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/djuki/.ssh/id_rsa
debug1: Trying private key: /home/djuki/.ssh/id_dsa
debug1: Trying private key: /home/djuki/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@somehost.com's password: 
debug2: we sent a password packet, wait for reply
Connection closed by 30.52.83.243

Answer 1

首先你可以试试ssh -o GSSAPIAuthentication=no someuser@somehost.com;它应该使Unspecified GSS failure消息消失。

然后，如果你能够与putty连接，你可以连接然后在更高端口上以调试模式运行sshd（你不需要root用户那么做，但是你不需要防火墙阻塞所有港口）：

/usr/sbin/sshd -d -e -p1234

然后您可以尝试使用

连接CLI

ssh -p 1234 someuser@somehost.com

您将在putty会话中看到服务器关闭连接的原因。

Answer 2

检查/ etc / ssh / sshd_config以获取以下其中一项

LoginGraceTime并确保将其设置为您可以输入密码的时间限制。否则，如果您的请求未在时间范围内获得身份验证，它将关闭连接。（示例：这将为您提供1分钟窗口，LoginGraceTime 60）
“UseDNS no”将确保sshd不会尝试解析主机名。如果ssh客户端计算机和服务器使用两个不同的名称服务器，并且它们指向同一主机名的不同IP，则可能最终将您锁定。所以“UseDNS no”会解决这些问题。
“PasswordAuthentication yes”将确保SSHd接受用户输入的密码。

这就是我遇到的所有问题。

密码尝试后ssh服务器关闭连接

2 个答案: