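Problem description: I cannot SSH from my local machine to the remote server I need to manage. The server's IP, Y.Y.Y.Y, is on a China Mobile line. X.X.X.X is on a China Telecom line.
Troubleshooting process:
①: Check the Linux login log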
    [byrd@WWW ~]$ sudo cat /var/log/secure

One of the log entries is:

    Did not receive identification string from X.X.X.X    # X.X.X.X is my IP address
Conclusion: the log shows that x.x.x.x reached y.y.y.y, but something goes wrong on the return path from y.y.y.y.
②: Connect to the SSH server from another Linux host
    [byrd@WWW ~]$ ssh -v Y.Y.Y.Y -p 12345 -l byrd    # ssh to Y.Y.Y.Y, SSH port 12345, user byrd
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to Y.Y.Y.Y port 12345.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: loaded 3 keys
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'Y.Y.Y.Y' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Next authentication method: password
    byrd@Y.Y.Y.Y's password:
Conclusion: the remote Linux host can SSH to Y.Y.Y.Y, while my local machine does not receive what y.y.y.y sends back.
③: Test the remote server's port with telnet
    C:\Users\Byrd>telnet Y.Y.Y.Y 12345
    正在连接Y.Y.Y.Y...无法打开到主机的连接。 在端口 12345: 连接失败
    C:\Users\Byrd>
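Conclusion: telnet to port 12345 sometimes succeeds and sometimes fails.
④: Replace my local router
Conclusion: after replacing my local router, the problem remains.
⑤: Trace the route to x.x.x.x from network Z.Z.Z.Z, and the route to X.X.X.X from the China Mobile network Y.Y.Y.Y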
China Netcom:

    C:\Documents and Settings\Administrator>tracert x.x.x.x
    Tracing route to x.x.x.x over a maximum of 30 hops
      1     2 ms     1 ms     1 ms  172.0.0.0/20
      2     2 ms     2 ms     3 ms  218.108.0.x
      3     2 ms     2 ms     2 ms  218.X.3.x
      4     2 ms     2 ms     2 ms  218.109.5.x
      5     3 ms     2 ms     2 ms  218.109.1.x
      6     *       50 ms    36 ms  218.X.0.x
      7    31 ms    28 ms    90 ms  ppp62-121.zs.zj.cninfo.net [61.130.121.62]
    (remaining hops omitted)

Linux ping result: 7 packets transmitted, 7 received, 0% packet loss, time 6896ms

China Mobile:

    C:\Documents and Settings\Administrator>tracert x.x.x.x
    Tracing route to x.x.x.x over a maximum of 30 hops
      1
      2     4 ms     5 ms     7 ms  120.199.x.x
      3    10 ms     3 ms     4 ms  221.131.254.x
      4     8 ms     6 ms     6 ms  211.138.114.x
      5     5 ms     6 ms     6 ms  211.140.0.x
      6     4 ms     4 ms     5 ms  211.138.x.x
      7     6 ms     7 ms     7 ms  211.140.14.x
    (remaining hops omitted)
    Trace complete.

Linux ping result: 21 packets transmitted, 0 received, 100% packet loss, time 20060ms
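⑥: Is the problem with the routers of Y.Y.Y.Y's network?
Conclusion: after testing, the conclusion is as follows. The annoying China Mobile routers apparently only open a set of common service ports such as 22, 23, 80, 443, 110, 25 and 143, and filter out all other non-standard ports, so the packets cannot get back! The problem only occurs on the China Mobile → China Telecom path; China Mobile → China Unicom does not seem to be affected! My judgment is that this is caused by route selection.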
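The checks in steps ① and ③ can be combined into one repeatable probe. The following Python script is an added example, not code from the original post: it repeats a connection attempt and records whether each one fails at the TCP connect or connects without receiving the server's SSH identification string. The function names, outcome labels and hint texts are assumptions of this example.

```python
import socket
import time
from collections import Counter

# What each outcome suggests (the interpretation is this example's assumption).
HINTS = {
    "banner-ok": "path works in both directions on this attempt",
    "no-banner": "TCP connected, but no SSH-... identification line came back",
    "tcp-timeout": "SYN or SYN/ACK dropped: filtering or routing on the path",
    "tcp-refused": "host reachable, nothing listening on that port",
    "tcp-error": "other network error (unreachable, name lookup, reset)",
}

def probe_ssh(host, port, timeout=5.0):
    """Make one connection attempt and report how far it got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError:
        return "tcp-error"
    data = b""
    with sock:
        try:
            # Send our own identification string, as a real client would.
            sock.sendall(b"SSH-2.0-probe_example\r\n")
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:  # read timeout or connection reset
            pass
    return "banner-ok" if data.startswith(b"SSH-") else "no-banner"

def survey(host, port, attempts=10, timeout=5.0, pause=1.0):
    """Repeat the probe to expose intermittent behaviour; returns a Counter."""
    results = Counter()
    for _ in range(attempts):
        results[probe_ssh(host, port, timeout)] += 1
        time.sleep(pause)
    return results

if __name__ == "__main__":
    # Y.Y.Y.Y and 12345 are the post's placeholders; substitute real values.
    for outcome, n in survey("Y.Y.Y.Y", 12345).items():
        print(f"{n:3d}  {outcome}: {HINTS[outcome]}")
```

Running the same survey from hosts on different carriers, and against both the custom port and a common one, shows whether the failures follow the port or the path.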
Notice: this article is original work by BYRD; reproduction without permission is prohibited. Source: Byrd's Weblog - https://note.t4x.org/other/didnot-receive-identification-string-from/