openSUSE-Leap-42.1 连接不上SSH 大侠们帮我看看

hrg_hg

我下载的openSUSE-Leap-42.1-DVD-x86_64 安装在虚拟机上！物理机，虚拟机都能相互ping通，ssh服务也开启了，防火墙也设置了，就是不能连接ssh用crt.其它虚拟机都能连上

   

1. linux-xlsr:~ # cat /etc/ssh/sshd_config
   
2. #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
   
3. 
   
4. # This is the sshd server system-wide configuration file.  See
   
5. # sshd_config(5) for more information.
   
6. 
   
7. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
   
8. 
   
9. # The strategy used for options in the default sshd_config shipped with
   
10. # OpenSSH is to specify options with their default value where
    
11. # possible, but leave them commented.  Uncommented options override the
    
12. # default value.
    
13. 
    
14. #Port 22
    
15. #AddressFamily any
    
16. #ListenAddress 0.0.0.0
    
17. #ListenAddress ::
    
18. 
    
19. # The default requires explicit activation of protocol 1
    
20. #Protocol 2
    
21. 
    
22. # HostKey for protocol version 1
    
23. #HostKey /etc/ssh/ssh_host_key
    
24. # HostKeys for protocol version 2
    
25. #HostKey /etc/ssh/ssh_host_rsa_key
    
26. #HostKey /etc/ssh/ssh_host_dsa_key
    
27. #HostKey /etc/ssh/ssh_host_ecdsa_key
    
28. #HostKey /etc/ssh/ssh_host_ed25519_key
    
29. 
    
30. # Minimum accepted size of the DH parameter p. By default this is set to 1024
    
31. # to maintain compatibility with RFC4419, but should be set higher.
    
32. # Upstream default is identical to setting this to 2048.
    
33. #KexDHMin 1024
    
34. 
    
35. # Lifetime and size of ephemeral version 1 server key
    
36. #KeyRegenerationInterval 1h
    
37. #ServerKeyBits 1024
    
38. 
    
39. # Ciphers and keying
    
40. #RekeyLimit default none
    
41. 
    
42. # Logging
    
43. # obsoletes QuietMode and FascistLogging
    
44. #SyslogFacility AUTH
    
45. #LogLevel INFO
    
46. 
    
47. # Authentication:
    
48. 
    
49. #LoginGraceTime 2m
    
50. PermitRootLogin yes
    
51. #StrictModes yes
    
52. #MaxAuthTries 6
    
53. #MaxSessions 10
    
54. 
    
55. #RSAAuthentication yes
    
56. #PubkeyAuthentication yes
    
57. 
    
58. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    
59. # but this is overridden so installations will only check .ssh/authorized_keys
    
60. AuthorizedKeysFile      .ssh/authorized_keys
    
61. 
    
62. #AuthorizedPrincipalsFile none
    
63. 
    
64. #AuthorizedKeysCommand none
    
65. #AuthorizedKeysCommandUser nobody
    
66. 
    
67. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    
68. #RhostsRSAAuthentication no
    
69. # similar for protocol version 2
    
70. #HostbasedAuthentication no
    
71. # Change to yes if you don't trust ~/.ssh/known_hosts for
    
72. # RhostsRSAAuthentication and HostbasedAuthentication
    
73. #IgnoreUserKnownHosts no
    
74. # Don't read the user's ~/.rhosts and ~/.shosts files
    
75. #IgnoreRhosts yes
    
76. 
    
77. # To disable tunneled clear text passwords, change to no here!
    
78. PasswordAuthentication yes
    
79. #PermitEmptyPasswords yes
    
80. 
    
81. # Change to no to disable s/key passwords
    
82. #ChallengeResponseAuthentication yes
    
83. 
    
84. # Kerberos options
    
85. #KerberosAuthentication no
    
86. #KerberosOrLocalPasswd yes
    
87. #KerberosTicketCleanup yes
    
88. #KerberosGetAFSToken no
    
89. 
    
90. # GSSAPI options
    
91. #GSSAPIAuthentication no
    
92. #GSSAPICleanupCredentials yes
    
93. #GSSAPIStrictAcceptorCheck yes
    
94. #GSSAPIKeyExchange no
    
95. 
    
96. # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
    
97. # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
    
98. # in this release. The use of 'gssapi' is deprecated due to the presence of
    
99. # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
    
100. #GSSAPIEnableMITMAttack no
     
101. 
     
102. 
     
103. # Set this to 'yes' to enable PAM authentication, account processing,
     
104. # and session processing. If this is enabled, PAM authentication will
     
105. # be allowed through the ChallengeResponseAuthentication and
     
106. # PasswordAuthentication.  Depending on your PAM configuration,
     
107. # PAM authentication via ChallengeResponseAuthentication may bypass
     
108. # the setting of "PermitRootLogin without-password".
     
109. # If you just want the PAM account and session checks to run without
     
110. # PAM authentication, then enable this but set PasswordAuthentication
     
111. # and ChallengeResponseAuthentication to 'no'.
     
112. UsePAM yes
     
113. 
     
114. #AllowAgentForwarding yes
     
115. #AllowTcpForwarding yes
     
116. #GatewayPorts no
     
117. X11Forwarding yes
     
118. #X11DisplayOffset 10
     
119. #X11UseLocalhost yes
     
120. #PermitTTY yes
     
121. #PrintMotd yes
     
122. #PrintLastLog yes
     
123. #TCPKeepAlive yes
     
124. #UseLogin no
     
125. UsePrivilegeSeparation sandbox          # Default for new installations.
     
126. #PermitUserEnvironment no
     
127. #Compression delayed
     
128. #ClientAliveInterval 0
     
129. #ClientAliveCountMax 3
     
130. #UseDNS yes
     
131. #PidFile /run/sshd.pid
     
132. #MaxStartups 10:30:100
     
133. #PermitTunnel no
     
134. #ChrootDirectory none
     
135. #VersionAddendum none
     
136. 
     
137. # no default banner path
     
138. #Banner none
     
139. 
     
140. # override default of no subsystems
     
141. Subsystem       sftp    /usr/lib/ssh/sftp-server
     
142. 
     
143. # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
     
144. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
     
145. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     
146. AcceptEnv LC_IDENTIFICATION LC_ALL
     
147. 
     
148. # Example of overriding settings on a per-user basis
     
149. #Match User anoncvs
     
150. #       X11Forwarding no
     
151. #       AllowTcpForwarding no
     
152. #       PermitTTY no
     
153. #       ForceCommand cvs server
     
154. linux-xlsr:~ #
     

复制代码

hrg_hg

回复 1# hrg_hg

已经解决，就是还是得在防火墙上设置  允许的服务里 多加一个 serurt shell 服务 就好 了

shang2010

一般从两个角度出发，是否能ping，是否能访问端口服务

hrg_hg

回复 3# shang2010

能ping通，不能访问端口服务，但是端口服务是开启的，就是因为opensuse有个防火墙栏了ssh

action08

opensuse用的什么安装方式哦？？
我大debian系统安装好了默认啥都没有

action08

shell@debian:~$ nmap localhost

Starting Nmap 6.47 ( http://nmap.org ) at 2016-11-01 23:28 HKT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00085s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 999 closed ports
PORT    STATE SERVICE
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
shell@debian:~$
shell@debian:~$
shell@debian:~$

houlonglong2008

iptables -F