一.问题现象
业务部门人员反馈通过公司网络访问电信天翼云服务器,报ssh_exchange_identification: read: Connection reset by peer,但是通过手机热点访问正常。
二.问题排查思路
1.检查公司网络到天翼云网络的联通性
2.检测天翼云虚拟机的安全组策略是否开放
3.检查天翼云虚拟机的防火墙是否开启
4.检查天翼云虚拟机的sshd_config是否限制root用户登录
5.检查天翼云虚拟机的/etc/hosts.allow和/etc/hosts.deny是否限制
三.处理方式
按照问题排查思路,第1至4步骤检查,均无发现异常,重点检查下/etc/hosts.allow 和 /etc/hosts.deny 配置文件。
cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
发现/etc/hosts.allow没有配置,未发现异常
cat /etc/hosts.deny | more
# DenyHosts: Thu Aug 11 08:55:02 2022 | sshd: 218.104.225.140
sshd: 218.104.225.140
# DenyHosts: Thu Aug 11 08:59:04 2022 | sshd: 124.160.96.249
sshd: 124.160.96.249
# DenyHosts: Thu Aug 11 09:10:11 2022 | sshd: 103.226.249.239
sshd: 103.226.249.239
# DenyHosts: Thu Aug 11 09:11:42 2022 | sshd: 185.118.48.206
sshd: 185.118.48.206
# DenyHosts: Thu Aug 11 09:21:47 2022 | sshd: 1.233.83.140
sshd: 1.233.83.140
# DenyHosts: Thu Aug 11 09:21:47 2022 | sshd: 211.110.1.27
sshd: 211.110.1.27
# DenyHosts: Thu Aug 11 09:29:22 2022 | sshd: 143.244.168.93
sshd: 143.244.168.93
# DenyHosts: Thu Aug 11 09:32:23 2022 | sshd: 159.89.19.21
sshd: 159.89.19.21
# DenyHosts: Thu Aug 11 09:33:24 2022 | sshd: 185.126.8.102
sshd: 185.126.8.102
# DenyHosts: Thu Aug 11 09:41:59 2022 | sshd: 92.255.85.69
sshd: 92.255.85.69
# DenyHosts: Thu Aug 11 09:42:29 2022 | sshd: 139.59.189.130
sshd: 139.59.189.130
# DenyHosts: Thu Aug 11 10:00:37 2022 | sshd: 64.227.29.12
发现天翼云虚拟机上面/etc/hosts.deny上面有好多被DenyHosts程序添加禁止访问的IP地址,删除/etc/hosts.deny对应公司的互联网出口IP地址,并重启sshd服务即可访问。需要排查被DenyHosts封堵的原因,一般都是多次尝试登录失败导致。