ssh连接失败,但能ping通服务器
问题描述
能ping通,ssh报错 “Connection reset by peer”
[root@yl-web ~]# ssh root@10.1.101.35
ssh_exchange_identification: read: Connection reset by peer
[root@yl-web ~]# ping 10.1.101.35
PING 10.1.101.35 (10.1.101.35) 56(84) bytes of data.
64 bytes from 10.1.101.35: icmp_seq=1 ttl=64 time=0.587 ms
64 bytes from 10.1.101.35: icmp_seq=2 ttl=64 time=0.722 ms
64 bytes from 10.1.101.35: icmp_seq=3 ttl=64 time=0.475 ms
问题排查
1.判断是否客户端本身问题
终端上输入 ssh -v 服务器的ip ,如果出现以下信息,则可以说明客户端正常,问题主要出在服务器端。
[root@yl-web ~]# ssh -v root@10.1.101.35
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 10.1.101.35 [10.1.101.35] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
ssh_exchange_identification: read: Connection reset by peer
2.服务器端排查
根据之前的报错提示,“Connection reset by peer” ,很有可能是客户端ip可能被服务器给禁掉了。
通过vi /etc/hosts.allow查看,在最后一行可以看到
sshd: IP段1,IP段2,...
说明之前已经有人在上面做了访问控制,此时只需要在sshd那一行的最后面加上自己的IP地址/地址段即可。
然后重启sshd
#service sshd restart
3.配置完服务器报错
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:b226rUj4dIMPdvutGRAVuPd3ZwQiCS13ab3RPl+pKO8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 10.1.101.35
ECDSA host key for 39.116.118.163 has changed and you have requested strict checking.
Host key verification failed.
lost connection
原因:需要重新获取新的秘钥,这是由于,ssh连接服务器时,如果之前连接过,ssh会默认保存该ip的连接协议信息,当我们再次访问此ip服务器时,ssh会自动匹配之前ssh保存的信息,由于我们的服务器做了更改,例如重装系统等操作,会导致本地保存的ssh信息失效,于是再次连接时就会出现上述错误。
解决方法:直接在终端上上输入命令: ssh-keygen -R ip地址
注意R是大写,不是小写,目的是清除你当前机器里关于你的远程服务器的缓存和公钥信息
root@user-70DGA014CN:/var/lib/redis_7021# ssh-keygen -R 10.1.101.35
# Host 10.1.101.35 found: line 1
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
root@user-70DGA014CN:/var/lib/redis_7021# scp -r 7021dump_20191217.rdb root@39.116.118.163:/home/chenxinming/rdb/
The authenticity of host '10.1.101.35 (10.1.101.35)' can't be established.
ECDSA key fingerprint is SHA256:b226r123123Uj42dIMPd432vutGRAVuuPd3ZwQiCcS13ab3RPl+pKO8.
Are you sure you want to continue connecting (yes/no)?
参考资料:
https://www.cnblogs.com/starof/p/4709805.html
http://www.chenxm.cc/article/980.html
8799
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
