[System Administration] Help: cannot log in via ssh

#1, posted 2014-06-18 16:38
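This is a newly built RedHat 6.4 physical machine. Remote login as root used to work, but one day SSH Secure Shell suddenly could no longer log in: it prompts for the password, and after pressing Enter there is no response at all. Logging in with WinSCP still works, and both root and other users are fine.

At the physical console in the machine room, I stopped the iptables firewall, and SELinux is already disabled.
Typing ssh root@localhost at the console prompts for the root password, then there is no response for a long time, and I can only force it to quit.

The sshd_config is as follows: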
#        $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 10023
#AddressFamily any
#ListenAddress 0.0.0.0
ListenAddress 0.0.0.0:10023
ListenAddress 0.0.0.0:22

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile        .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

********************************************************************

[root@localhost 桌面]# ssh -v root@localhost
debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.
debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 0 params from config file.
debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/root/.ssh2/ssh2_config')
debug: Connecting to localhost, port 22... (SOCKS not used)
debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
debug: client supports 3 auth methods: 'publickey,keyboard-interactive,password'
debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 127.0.0.1, local port = 38854
debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 127.0.0.1, remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize: Initializing ReadLine...
debug: Remote version: SSH-2.0-OpenSSH_5.3
debug: OpenSSH: Major: 5 Minor: 3 Revision: 0
debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,password'.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1800/ssh_client_auth_pubkey: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1757/ssh_client_auth_pubkey_agent_open_complete: Agent is not running.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1555/ssh_client_auth_pubkey_agent_list_complete: Got 0 keys from the agent.
debug: SshConfig/sshconfig.c:2745/ssh2_parse_config_ext: Unable to open /root/.ssh2/identification
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1535/ssh_client_auth_pubkey_add_candidates: Trying 0 key candidates.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:989/ssh_client_auth_pubkey_try_this_candidate: All keys declined by server, disabling method.
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password auth...
root's password: debug: SshReadPass/readpass.c:198/ssh_read_passphrase: got errno 4, system error Interrupted system call

debug: Ssh2Transport/trcommon.c:585/ssh_tr_up_disconnect: Already disconnected.
debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT received: Connection closed.
debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize: Uninitializing ReadLine...
warning: Authentication failed.
Disconnected; connection lost (Connection closed.).
debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying SshCommon object.
debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.

Also, I deleted /root/.ssh/known_hosts; that shouldn't have any effect, right...

#2, posted 2014-06-18 21:57
got errno 4, system error Interrupted system call
An interrupted system call. Looks like a bug, or an environment problem.

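#3, posted 2014-06-19 14:10
I am now following a document found online to uninstall OpenSSH and then install openssl and openssh.
OpenSSL looks normal, but after installing openssh, ssh -v shows no version information, and rpm -qa|grep openssh returns nothing either. It feels like it simply did not get installed....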

#4, posted 2014-06-20 14:22
Problem solved.
In /etc/ssh/sshd_config, I commented out the following section, and ssh recovered~~~

Match User root
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /

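But I am still quite puzzled.
1. What effect does "user root" have on the ssh protocol? The intent of this section was only to restrict the login directory in sftp.

2. Before ssh broke (including after the reinstall), the sshd_config file did not contain this section.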

#5, posted 2014-06-24 09:32
I can't see what effect it would have either.
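
An added note and example, not part of the original thread: `ForceCommand internal-sftp` inside `Match User root` makes sshd run its built-in SFTP server for every root session and ignore the shell the client asks for, so an interactive login shows nothing after the password while SFTP transfers keep working, which is consistent with WinSCP still connecting. The Python sketch below flags accounts affected this way; it evaluates only `Match User` blocks, and the function names and the `alice` account are made up for illustration.

```python
import fnmatch

# Constructed sample: two global lines from the posted file plus post #4's Match block.
SAMPLE_CONFIG = """\
PermitRootLogin yes
X11Forwarding yes
Match User root
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /
"""

def user_matches(pattern_list, user):
    """OpenSSH pattern-list rule: one positive hit is needed, any '!' hit vetoes."""
    matched = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if fnmatch.fnmatchcase(user, pat.lstrip("!")):
            if negated:
                return False
            matched = True
    return matched

def match_overrides(config_text, user):
    """Return {keyword: value} applied to `user` by 'Match User' blocks."""
    overrides, applies = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":
            crit = value.split()
            # Simplification: only a lone "User <patterns>" criterion is evaluated.
            applies = (len(crit) == 2 and crit[0].lower() == "user"
                       and user_matches(crit[1], user))
        elif applies:
            overrides.setdefault(keyword, value)  # first instance wins
    return overrides

def shell_login_blocked(config_text, user):
    """True when every session for `user` is forced into the SFTP server."""
    forced = match_overrides(config_text, user).get("forcecommand", "")
    return forced.split()[:1] == ["internal-sftp"]

if __name__ == "__main__":
    for name in ("root", "alice"):  # "alice" is a made-up second account
        print(name, shell_login_blocked(SAMPLE_CONFIG, name))
```

On the server itself, `sshd -T -C user=root,host=localhost,addr=127.0.0.1` prints the settings sshd would apply to that connection, Match blocks included.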