SSH connection failure cases
阿新 • Published: 2019-01-01
Case 1: Read from socket failed: Connection reset by peer
(1) Symptom
[[email protected] ~]# ssh 192.168.10.1
Read from socket failed: Connection reset by peer
(2) Analysis
Restarting the sshd service and checking its status shows the following:
[[email protected] ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[[email protected] ~]# service sshd status
Redirecting to /bin/systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-01-01 11:37:45 CST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 15252 (sshd)
CGroup: /system.slice/sshd.service
├─14995 sshd: [email protected]/0
├─14997 -bash
├─15252 /usr/sbin/sshd -D
└─15253 /bin/systemctl status sshd.service
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@..[email protected]@@
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! ... @
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@..[email protected]@@
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_k...en.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: It is required that your private key files are NO...rs.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: This private key will be ignored.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: bad permissions: ignore key: /etc/ssh/ssh_host_ed...key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
The log file /var/log/messages contains the following:
Jan 1 11:37:45 localhost sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 1 11:37:45 localhost sshd: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Jan 1 11:37:45 localhost sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 1 11:37:45 localhost sshd: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jan 1 11:37:45 localhost sshd: It is required that your private key files are NOT accessible by others.
Jan 1 11:37:45 localhost sshd: This private key will be ignored.
Jan 1 11:37:45 localhost sshd: bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Jan 1 11:37:45 localhost sshd: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
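(3) Solution
The log shows that the permissions on /etc/ssh/ssh_host_ecdsa_key are too open, so sshd ignores the key, and this causes the problem. The fix is to tighten the permissions on the key files in the ssh directory and then restart the sshd service.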
chmod 600 /etc/ssh/*key*
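An added example, not from the original post: the `*key*` glob above also matches the `.pub` files, so these two functions report and tighten only the private host keys and set the public halves back to 0644. The function names are hypothetical, GNU `stat` (Linux) is assumed, and the check follows the "not accessible by others" rule quoted in the log rather than sshd's exact logic.

```bash
#!/usr/bin/env bash
# Added example (not the original author's code). Assumes GNU stat.
# audit_host_keys and fix_host_keys are hypothetical helper names.

# Print "MODE PATH" for every private host key in DIR whose mode grants
# any group/other bit. Returns 0 if all are tight, 1 if any is too open,
# 2 if DIR contains no private host keys at all (the "missing key" case).
audit_host_keys() {
    local dir="${1:-/etc/ssh}" f mode found=0 bad=0
    for f in "$dir"/ssh_host_*_key; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        found=1
        mode=$(stat -c '%a' "$f")
        # Leading 0 makes the constant octal; 077 = group + other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$f"
            bad=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Private keys -> 0600, public keys -> 0644.
fix_host_keys() {
    local dir="${1:-/etc/ssh}" f
    for f in "$dir"/ssh_host_*_key; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
    for f in "$dir"/ssh_host_*_key.pub; do
        if [ -f "$f" ]; then chmod 644 "$f"; fi
    done
    return 0
}

# Usage (as root): audit_host_keys /etc/ssh
#                  fix_host_keys /etc/ssh && systemctl restart sshd
```
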
(4) Other
The following situations can also occur:
(1) The key files under /etc/ssh do not exist. The fix is to regenerate them:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
Case 2: ssh_exchange_identification: read: Connection reset by peer
[To be added]