公网 SSH 访问报错:Connection closed by foreign host

aimatwinning

SSH 局域网访问Linux正常，公网访问报错Connection closed by foreign host
之前就是正常访问的，不知道为什么最近访问不了了！！！
路由器上端口映射是没得问题的，我服务器上还装了mysql tomcat   这些在公网访问都是可以正常访问，
在网上搜了很多资料 照着做了 就没起到作用，也许和我的问题本质不一样，
有时候很奇怪，通过公网IP SSH 在xshell上面可以连上大概1秒钟然后报错，有时候直接报错Connection closed by foreign host

之前也用域名解析外网IP访问，同样mysql tomcat可以访问， ssh报同样错误。
GIF record：
于是我在Linux上 ssh -vv root@14.105.94.112 或者 ssh -vv root@我的域名   输出都是如下：

1. 
   
2. [root@topsoft ~]# ssh -vv root@14.105.94.112
   
3. OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
   
4. debug1: Reading configuration data /etc/ssh/ssh_config
   
5. debug1: /etc/ssh/ssh_config line 56: Applying options for *
   
6. debug2: ssh_connect: needpriv 0
   
7. debug1: Connecting to 14.105.94.112 [14.105.94.112] port 22.
   
8. debug1: Connection established.
   
9. debug1: permanently_set_uid: 0/0
   
10. debug1: identity file /root/.ssh/id_rsa type -1
    
11. debug1: identity file /root/.ssh/id_rsa-cert type -1
    
12. debug1: identity file /root/.ssh/id_dsa type -1
    
13. debug1: identity file /root/.ssh/id_dsa-cert type -1
    
14. debug1: identity file /root/.ssh/id_ecdsa type -1
    
15. debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    
16. debug1: identity file /root/.ssh/id_ed25519 type -1
    
17. debug1: identity file /root/.ssh/id_ed25519-cert type -1
    
18. debug1: Enabling compatibility mode for protocol 2.0
    
19. debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    
20. debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
    
21. debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
    
22. debug2: fd 3 setting O_NONBLOCK
    
23. debug1: SSH2_MSG_KEXINIT sent
    
24. debug1: SSH2_MSG_KEXINIT received
    
25. debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    
26. debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
    
27. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
28. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
29. debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
30. debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
31. debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    
32. debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    
33. debug2: kex_parse_kexinit:
    
34. debug2: kex_parse_kexinit:
    
35. debug2: kex_parse_kexinit: first_kex_follows 0
    
36. debug2: kex_parse_kexinit: reserved 0
    
37. debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    
38. debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
    
39. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
40. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
41. debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
42. debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
43. debug2: kex_parse_kexinit: none,zlib@openssh.com
    
44. debug2: kex_parse_kexinit: none,zlib@openssh.com
    
45. debug2: kex_parse_kexinit:
    
46. debug2: kex_parse_kexinit:
    
47. debug2: kex_parse_kexinit: first_kex_follows 0
    
48. debug2: kex_parse_kexinit: reserved 0
    
49. debug2: mac_setup: setup hmac-md5-etm@openssh.com
    
50. debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    
51. debug2: mac_setup: setup hmac-md5-etm@openssh.com
    
52. debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    
53. debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
    
54. debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
    
55. debug1: sending SSH2_MSG_KEX_ECDH_INIT
    
56. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    
57. debug1: Server host key: ECDSA b0:49:62:d0:9f:99:62:49:f2:cc:dd:09:e7:c3:4b:9f
    
58. debug1: Host '14.105.94.112' is known and matches the ECDSA host key.
    
59. debug1: Found key in /root/.ssh/known_hosts:4
    
60. debug1: ssh_ecdsa_verify: signature correct
    
61. debug2: kex_derive_keys
    
62. debug2: set_newkeys: mode 1
    
63. debug1: SSH2_MSG_NEWKEYS sent
    
64. debug1: expecting SSH2_MSG_NEWKEYS
    
65. debug2: set_newkeys: mode 0
    
66. debug1: SSH2_MSG_NEWKEYS received
    
67. debug1: Roaming not allowed by server
    
68. debug1: SSH2_MSG_SERVICE_REQUEST sent
    
69. debug2: service_accept: ssh-userauth
    
70. debug1: SSH2_MSG_SERVICE_ACCEPT received
    
71. debug2: key: /root/.ssh/id_rsa ((nil)),
    
72. debug2: key: /root/.ssh/id_dsa ((nil)),
    
73. debug2: key: /root/.ssh/id_ecdsa ((nil)),
    
74. debug2: key: /root/.ssh/id_ed25519 ((nil)),
    
75. debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    
76. debug1: Next authentication method: gssapi-keyex
    
77. debug1: No valid Key exchange context
    
78. debug2: we did not send a packet, disable method
    
79. debug1: Next authentication method: gssapi-with-mic
    
80. debug1: Unspecified GSS failure.  Minor code may provide more information
    
81. Cannot determine realm for numeric host address
    
82. 
    
83. debug1: Unspecified GSS failure.  Minor code may provide more information
    
84. Cannot determine realm for numeric host address
    
85. 
    
86. debug1: Unspecified GSS failure.  Minor code may provide more information
    
87. 
    
88. 
    
89. debug1: Unspecified GSS failure.  Minor code may provide more information
    
90. Cannot determine realm for numeric host address
    
91. 
    
92. debug2: we did not send a packet, disable method
    
93. debug1: Next authentication method: publickey
    
94. debug1: Trying private key: /root/.ssh/id_rsa
    
95. debug1: Trying private key: /root/.ssh/id_dsa
    
96. debug1: Trying private key: /root/.ssh/id_ecdsa
    
97. debug1: Trying private key: /root/.ssh/id_ed25519
    
98. debug2: we did not send a packet, disable method
    
99. debug1: Next authentication method: password
    
100. root@14.105.94.112's password:
     
101. debug2: we sent a password packet, wait for reply
     
102. Connection closed by 14.105.94.112
     

复制代码

aimatwinning

自挽。。。。  求帮忙分析。。。。

chenyx

是不是你的key有问题?看你贴出来的,key认证没通过,转向password认证了

aimatwinning

回复 3# chenyx


    我把key认证关了也是一样，最开始没有打开证书认证  可以通过外网IP 用账号密码访问，前两天突然访问不了了，找不到原因，ssh我都重装了 还是不行。

chenyx

http://bbs.chinaunix.net/thread-1863631-1-1.html
看看这个帖子的方法能不能解决

aimatwinning

回复 5# chenyx


谢谢，但是无效，按照下面这个也设置了，还是同样的，比较奇怪的是 通过外网IP连接  在xshell里面 貌似连上了  1秒就断开
# vi /etc/ssh/ssh_config
设置：GSSAPIAuthentication no
# vi /etc/ssh/sshd_config
设置：GSSAPIAuthentication no
设置：UseDNS no

lyhabc

这里有一篇文章
http://www.cnblogs.com/MYSQLZOUQI/p/4883519.html

csoho2000

不明所以，换个登录工具试试

aimatwinning

回复 7# lyhabc


    阅ing  去研究一番ing ...

aimatwinning

回复 7# lyhabc


    初步看了下应该是在验证的时候出现的问题，用密码登录，密码肯定是没错的，内网可以正常登录，外网却不可以，怎么去排查？