1,问题表现
2,问题原因
3,问题解决
4,检验想法
5,博客记录
1,问题表现
ssh登录 问题的表现: [email protected]:~$ ssh [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /home/chunli/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 172.16.20.139 [172.16.20.139] port 22. debug1: Connection established. debug1: identity file /home/chunli/.ssh/id_rsa type 1 debug1: identity file /home/chunli/.ssh/id_rsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_dsa type -1 debug1: identity file /home/chunli/.ssh/id_dsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ed25519 type -1 debug1: identity file /home/chunli/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA b4:7f:1f:34:3a:e5:a3:3f:03:6c:de:7f:d9:0e:db:ba debug1: Host ‘172.16.20.139‘ is known and matches the RSA host key. debug1: Found key in /home/chunli/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received #阻塞在这里,大约5秒 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/chunli/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to 172.16.20.139 ([172.16.20.139]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = zh_CN.UTF-8 Last login: Thu Feb 23 10:27:51 2017 from 172.16.20.245 [[email protected] ~]$ [[email protected] ~]$ [[email protected] ~]$
2,问题原因
GSSAPIAuthentication选项的作用:是否允许使用基于 GSSAPI 的用户认证。默认为yes
3,问题解决
登录到对方的Linux 修改ssh服务器配置文件 vim /etc/ssh/ssh_config GSSAPIAuthentication yes 改为 GSSAPIAuthentication no [[email protected] ~]$ vim /etc/ssh/ssh_config # $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no # GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no Host * GSSAPIAuthentication no #默认yes ,改为 no # If this option is set to yes then remote X11 clients will have full access # to the original X11 display. As virtually no X11 client supports the untrusted # mode correctly we set this to yes. ForwardX11Trusted yes # Send locale-related environment variables SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE SendEnv XMODIFIERS 重启sshd [[email protected] ~]$ sudo service sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ] [[email protected] ~]$
4,检验想法
[email protected]:~$ ssh [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /home/chunli/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 172.16.20.139 [172.16.20.139] port 22. debug1: Connection established. debug1: identity file /home/chunli/.ssh/id_rsa type 1 debug1: identity file /home/chunli/.ssh/id_rsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_dsa type -1 debug1: identity file /home/chunli/.ssh/id_dsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa type -1 debug1: identity file /home/chunli/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/chunli/.ssh/id_ed25519 type -1 debug1: identity file /home/chunli/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA b4:7f:1f:34:3a:e5:a3:3f:03:6c:de:7f:d9:0e:db:ba debug1: Host ‘172.16.20.139‘ is known and matches the RSA host key. debug1: Found key in /home/chunli/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/chunli/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to 172.16.20.139 ([172.16.20.139]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = zh_CN.UTF-8 Last login: Thu Feb 23 10:28:00 2017 from 172.16.20.245 [[email protected] ~]$
5,博客记录
非常快速的完成登录!
时间: 2024-08-27 16:34:23