Project scenario:
Connect to the development board over SSH for interactive commands, SFTP file transfer, and so on.
Problem description
The following connection attempt fails:
ssh 192.168.1.1
Error message:
kex_exchange_identification: Connection closed by remote host
Connection closed by 198.18.34.2 port 22
Root cause analysis:
1. Confirm that the network connection is working
C:\Users\game>ping 198.18.34.2
Pinging 198.18.34.2 with 32 bytes of data:
Reply from 198.18.34.2: bytes=32 time=1ms TTL=255
Reply from 198.18.34.2: bytes=32 time=1ms TTL=255
Reply from 198.18.34.2: bytes=32 time=1ms TTL=255
Reply from 198.18.34.2: bytes=32 time=1ms TTL=255
Ping statistics for 198.18.34.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
2. Confirm that the port is open
C:\Users\game>tcping 198.18.34.2 22
Probing 198.18.34.2:22/tcp - Port is open - time=12.594ms
Probing 198.18.34.2:22/tcp - Port is open - time=2.544ms
Probing 198.18.34.2:22/tcp - Port is open - time=2.422ms
Probing 198.18.34.2:22/tcp - Port is open - time=1.571ms
Ping statistics for 198.18.34.2:22
4 probes sent.
4 successful, 0 failed. (0.00% fail)
Approximate trip times in milli-seconds:
Minimum = 1.571ms, Maximum = 12.594ms, Average = 4.783ms
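3. Windows ssh client debug log
The log shows that the client did attempt to establish a connection normally, so the failure is probably caused by a key problem on either the client or the server.
The client connects to other development boards without problems, so the client is unlikely to be at fault (although the ssh version remains a suspect).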
C:\Users\game>ssh -vvvvv 198.18.34.2
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Reading configuration data C:\\Users\\game/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 198.18.34.2 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 'C:\\Users\\game/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 'C:\\Users\\game/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 198.18.34.2 [198.18.34.2] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\game/.ssh/id_rsa type 0
......
debug1: identity file C:\\Users\\game/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
kex_exchange_identification: Connection closed by remote host
Connection closed by 198.18.34.2 port 22
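4. Server ssh log
Log in to a shell by another means and check the system log:
The problem is indeed the server-side SSH host keys: there is no ssh subdirectory under /var and no key pair, so no SSH connection can be established.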
# slog2info -anS | grep -i ssh
Jan 01 00:00:03.286 syslogd.901175 slog 770 SLOG2_ERROR :03 localhost inetd[917558-1]: ssh/tcp: bind: Address already in use
Jan 01 00:01:01.964 syslogd.901175 slog 770 SLOG2_ERROR :01 localhost in.sshd[4956279-1]: error: Unable to load host key: /var/ssh/ssh_host_rsa_key
Jan 01 00:01:01.965 syslogd.901175 slog 770 SLOG2_ERROR :01 localhost in.sshd[4956279-1]: error: Unable to load host key: /var/ssh/ssh_host_dsa_key
Jan 01 00:01:01.966 syslogd.901175 slog 770 SLOG2_ERROR :01 localhost in.sshd[4956279-1]: sshd: no hostkeys available -- exiting.
Solution:
1. Create the directory
mkdir -p /var/ssh/
2. Generate the key pairs according to the configuration file (rsa alone may be enough)
ssh-keygen -t dsa -b 1024 -f /var/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -b 1024 -f /var/ssh/ssh_host_rsa_key -N ''
Logging in at this point still fails with:
fatal: Missing privilege separation directory: /var/chroot/sshd
3. Create the privilege separation directory and set its permissions
mkdir -p /var/chroot/sshd
chmod 700 /var/chroot/sshd
4. Log in again: the login succeeds.
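
The two server-side failures above (no loadable host key, missing privilege separation directory) can be checked in one pass before retrying the login. The script below is an added example, not part of the original post; the function names are hypothetical and the default paths are the ones shown in the server log.

```sh
#!/bin/sh
# Added example: preflight check for the two sshd startup failures on this page.
# Function names are hypothetical; default paths come from the page's log.

# Print the nine permission characters (rwxrwxrwx) of a path using POSIX ls.
perm_bits() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# 0 if the private host key exists, is non-empty and has no group/other
# access (sshd refuses private keys with looser permissions).
check_host_key() {
    [ -s "$1" ] || { echo "MISSING  $1"; return 1; }
    case "$(perm_bits "$1")" in
        ???------) echo "OK       $1"; return 0 ;;
        *) echo "LOOSE    $1 (expected mode 600)"; return 1 ;;
    esac
}

# 0 if the privilege separation directory exists and neither group nor
# other can write to it.
check_privsep_dir() {
    [ -d "$1" ] || { echo "MISSING  $1"; return 1; }
    case "$(perm_bits "$1")" in
        ????-??-?) echo "OK       $1"; return 0 ;;
        *) echo "WRITABLE $1 (group/other can write)"; return 1 ;;
    esac
}

# check_sshd_prereqs [KEYDIR] [PRIVSEP_DIR]; exit status = number of problems.
check_sshd_prereqs() {
    keydir=${1:-/var/ssh}
    privsep=${2:-/var/chroot/sshd}
    usable=0
    problems=0
    for key in ssh_host_rsa_key ssh_host_dsa_key; do
        if check_host_key "$keydir/$key"; then usable=$((usable + 1)); fi
    done
    # sshd exits only when it cannot load any host key at all.
    if [ "$usable" -eq 0 ]; then
        echo "FATAL    no usable host key in $keydir"
        problems=$((problems + 1))
    fi
    check_privsep_dir "$privsep" || problems=$((problems + 1))
    return "$problems"
}
```

Source the file on the board and run check_sshd_prereqs with no arguments to use the paths from the log. The check covers presence and permissions only, not key strength; where the board's sshd supports it, RSA host keys of 2048 bits or more are the usual minimum rather than the 1024-bit sizes used above.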