一、故障现象
1)在公司网络某些主机上的ssh阿里云主机报错:
----------------------------------------------------------------------------
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 106.14.204.65 [106.14.204.65] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
ssh_exchange_identification: read: Connection reset by peer
----------------------------------------------------------------------------
2)阿里云安全组中策略已经对公司外网的IP地址放行。
3)阿里云服务器上/etc/hosts.allow里面也参考https://help.aliyun.com/knowledge_detail/41470.html
# cat /etc/hosts.allow|tail -1
sshd: ALL
# systemctl restart sshd
二、解决方法
云盾控制台->DDos防护->基础防护->点击具体的实例->扫描拦截->白名单设置->添加您的本地IP,再尝试是否能远程
添加完白名单,然后再次测试,告警消失。