ubuntu – SSH through an intermediate host fails only for myuser@mymac but works everywhere else

I can't ssh into one of my datacenter nodes using my user on my MacBook. This is a recent problem; it was fully functional until a few weeks ago.

The strange thing is that this only affects my user on my machine, but I can establish the connection from:

- other users on the same machine, using the same ssh key, without any .ssh/config rules.
- different servers running macOS or Ubuntu, with the same or different ssh keys.

Using my username and the same key on my machine, I can:

- connect to the gateway host
- connect to the node directly over the VPN (sadly, this is not a long-term solution)

I'm very confused by this error. Can you help me find the problem?

Looking at the logs, the connection to the gateway is established, but connecting to the node fails somehow. On the client side:

⌘ ~ ❯ ssh -v -J gatekeeper@gateway ubuntu@node -i ~/.ssh/id_rsa 
OpenSSH_7.3p1, LibreSSL 2.4.1
[...]
debug1: Authentication succeeded (publickey).
Authenticated to gateway ([35.156.248.245]:22).
debug1: channel_connect_stdio_fwd node:22
debug1: channel 0: new [stdio-forward]
debug1: getpeername failed: Bad file descriptor
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
channel 0: open failed: connect failed: Connection timed out
stdio forwarding failed
ssh_exchange_identification: Connection closed by remote host

On the gateway side:

admin@gateway:~$ grep -e "\[7669\]" -e "\[7739\]" /var/log/auth.log
Mar 13 11:01:20 gateway sshd[7669]: Set /proc/self/oom_score_adj to 0
Mar 13 11:01:20 gateway sshd[7669]: rexec line 32: Deprecated option PermitBlacklistedKeys
Mar 13 11:01:20 gateway sshd[7669]: Connection from <laptop-out-ip> port 62113 on <gateway-ip> port 22
Mar 13 11:01:20 gateway sshd[7669]: Postponed publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2 [preauth]
Mar 13 11:01:20 gateway sshd[7669]: Accepted publickey for gatekeeper from <laptop-out-ip> port 62113 ssh2: RSA 8d:7e:9c:53:11:c9:4d:b3:67:7b:ae:04:03:8f:e2:71
Mar 13 11:01:20 gateway sshd[7669]: pam_unix(sshd:session): session opened for user gatekeeper by (uid=0)
Mar 13 11:01:20 gateway sshd[7669]: User child is on pid 7739
Mar 13 11:03:27 gateway sshd[7739]: error: connect_to <node-ip> port 22: failed.
Mar 13 11:03:28 gateway sshd[7739]: Connection closed by <laptop-out-ip>
Mar 13 11:03:28 gateway sshd[7739]: Transferred: sent 2252, received 2864 bytes
Mar 13 11:03:28 gateway sshd[7739]: Closing connection to <laptop-out-ip> port 62113
Mar 13 11:03:28 gateway sshd[7669]: pam_unix(sshd:session): session closed for user gatekeeper

On the node side, there are no entries in the logs.

The gateway's sshd_config:

# ssh service configuration

AcceptEnv
AddressFamily inet
AllowAgentForwarding yes
AllowGroups
AllowTcpForwarding no
AllowUsers gatekeeper
AuthorizedKeysFile %h/.ssh/authorized_keys
ChallengeResponseAuthentication no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
ClientAliveCountMax 3
ClientAliveInterval 15
Compression delayed
DenyGroups
DenyUsers
GSSAPIAuthentication no
GatewayPorts no
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostbasedAuthentication no
KerberosAuthentication no
ListenAddress 0.0.0.0:22
LogLevel VERBOSE
LoginGraceTime 60
MaxAuthTries 6
MaxSessions 10
MaxStartups 30
PasswordAuthentication no
PermitBlacklistedKeys no
PermitRootLogin no
PermitTunnel no
PermitUserEnvironment no
PidFile /var/run/sshd.pid
PrintLastLog yes
PrintMotd no
Protocol 2
PubkeyAuthentication yes
RSAAuthentication no
RhostsRSAAuthentication no
StrictModes yes
SyslogFacility AUTH
TCPKeepAlive yes
UseDNS no
UseLogin no
UsePAM yes
UsePrivilegeSeparation yes
X11Forwarding no

Match User gatekeeper
AllowTcpForwarding yes
AllowAgentForwarding no
X11Forwarding no

error: connect_to <node-ip> port 22: failed.

This looks like the PermitOpen option in the sshd config disabling or restricting port forwarding. Make sure it is allowed, and if it is not, post the sshd_config from the gateway.
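Diagnostic helpers, added here as an example (not code from the original question or the answer), for separating the two ways a `-J` hop can fail. The first function reads a `sudo sshd -T -C user=gatekeeper` dump from the gateway and answers the PermitOpen question for one target: with the posted config, the `Match User gatekeeper` block turns `AllowTcpForwarding` back on and no `PermitOpen` is set, so the verdict is "allowed". A refusal by `AllowTcpForwarding` or `PermitOpen` reaches the client as "administratively prohibited"; the posted client log instead shows "connect failed: Connection timed out" and the gateway logs `connect_to <node-ip> port 22: failed.` about two minutes after the session opened (11:01:20 to 11:03:27), which is sshd's own connect() to node:22 getting no answer, so the second function tests that TCP path from the gateway itself. The third filters `ssh -G` output on the Mac, which is what exposes the one thing the failing user has that the working users do not: `~/.ssh/config` rules. Assumptions not stated on the page: OpenSSH 6.x or newer on the gateway (so `sshd -T -C` honours Match blocks), bash and coreutils `timeout` on the gateway, and the two sample dumps below are constructed to mirror the posted config.

```shell
#!/usr/bin/env bash
# Added diagnostic helpers for the ProxyJump failure above; not from the original post.
# Assumptions (not on the page): sshd on the gateway is OpenSSH 6.x or newer so that
# `sshd -T -C user=...` applies Match blocks; bash and coreutils `timeout` exist on the
# gateway; "gatekeeper", "node" and the <...-ip> placeholders are the question's own names.

# forwarding_verdict TARGET_HOST TARGET_PORT   < <(sudo sshd -T -C user=gatekeeper)
# Reads an `sshd -T` dump on stdin and reports whether sshd would even attempt the
# direct-tcpip channel that `ssh -J` / `ssh -W` asks for. Prints "allowed" (exit 0)
# or "denied: <reason>" (exit 1). A denial here shows up client-side as
# "administratively prohibited", not as "Connection timed out".
forwarding_verdict() {
    local target_host=$1 target_port=$2
    local allow=yes permitopen=any          # sshd defaults when the dump omits them
    local key rest entry
    while read -r key rest; do
        case "$key" in
            allowtcpforwarding) allow=$rest ;;
            permitopen)         permitopen=$rest ;;
        esac
    done
    case "$allow" in
        yes|all|local) ;;                   # -J/-W is a local forward from sshd's point of view
        *) echo "denied: allowtcpforwarding $allow"; return 1 ;;
    esac
    case "$permitopen" in
        any)  echo "allowed"; return 0 ;;
        none) echo "denied: permitopen none"; return 1 ;;
    esac
    # PermitOpen entries are matched literally against the host string the client sent
    # (the name typed on the ssh command line), and may use '*' for host or port.
    set -f                                  # no pathname expansion on entries containing '*'
    for entry in $permitopen; do
        case "$entry" in
            "$target_host:$target_port"|"$target_host:*"|"*:$target_port"|"*:*")
                set +f; echo "allowed"; return 0 ;;
        esac
    done
    set +f
    echo "denied: permitopen does not cover $target_host:$target_port"
    return 1
}

# gateway_can_reach HOST PORT [SECONDS]
# Run on the gateway as gatekeeper: a plain TCP handshake test using bash's /dev/tcp,
# no nc/nmap needed. Exit 0 = handshake completed; 124 = no answer within SECONDS
# (filtered or mis-routed, the symptom in the posted logs); anything else = refused
# or name resolution failed on the gateway.
gateway_can_reach() {
    local host=$1 port=$2 secs=${3:-5}
    timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port && exec 3>&-" 2>/dev/null
}

# client_jump_resolution   < <(ssh -G -J gatekeeper@gateway ubuntu@node -i ~/.ssh/id_rsa)
# `ssh -G` prints the configuration ssh will actually use once ~/.ssh/config and
# /etc/ssh/ssh_config are applied. Run it as the failing user and as a working user on
# the same Mac and diff the two outputs.
client_jump_resolution() {
    grep -E '^(hostname|port|user|proxyjump|proxycommand|identityfile|addressfamily|bindaddress|canonicalizehostname|hostkeyalias) '
}

# Constructed `sshd -T -C user=gatekeeper` excerpt mirroring the gateway config posted
# above (global AllowTcpForwarding no, overridden to yes in "Match User gatekeeper").
SAMPLE_DUMP_GATEKEEPER='port 22
addressfamily inet
allowusers gatekeeper
allowtcpforwarding yes
allowagentforwarding no
permitopen any
x11forwarding no'

# Constructed excerpt for a hypothetical user no Match block covers: the global
# "AllowTcpForwarding no" applies and sshd would refuse the channel outright.
SAMPLE_DUMP_OTHER='port 22
allowtcpforwarding no
permitopen any'

# Example run on the constructed dumps:
printf '%s\n' "$SAMPLE_DUMP_GATEKEEPER" | forwarding_verdict node 22            # allowed
printf '%s\n' "$SAMPLE_DUMP_OTHER"      | forwarding_verdict node 22 || true    # denied: allowtcpforwarding no
```

On the real gateway the three checks are run as `sudo sshd -T -C user=gatekeeper -C addr=<laptop-out-ip> | forwarding_verdict node 22`, then `gateway_can_reach <node-ip> 22` as the gatekeeper user; if the first says "allowed" and the second returns 124, the problem is on the network path from the gateway to the node, not in sshd_config. On the Mac, `ssh -G -J gatekeeper@gateway ubuntu@node | client_jump_resolution` run as each user shows whether the per-user config rewrites the hostname, port or proxy that the jump is built from.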
