SSH public key authentication fails on an Arco Linux SSH client

My problem: I cannot connect from my Arco Linux PC to external SSH servers ("Uberspace" and "GitHub"). Connecting to internal SSH servers works, but falls back to password authentication.

For testing I used the following SSH clients/servers:

  • local SSH clients (LinuxPC, MBP, Banana),
  • local SSH servers (Banana (192.168.1.57) and MBP (192.168.1.22)), and
  • remote SSH servers for testing (Uberspace (185.26.156.188) and GitHub)

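I did the following:

I transferred the public keys of LinuxPC and MBP to Banana via ssh-copy-id, and to Uberspace and GitHub using the web interface. ssh-copy-id from LinuxPC to Uberspace should be possible, but results in "Network is unreachable".

Then I tried to connect via SSH key authentication and got the following results: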

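LinuxPC -> MBP: Still asks for the password, even though ssh-copy-id succeeded before. The password works.

LinuxPC -> Banana: Still asks for the password, even though ssh-copy-id succeeded before. The password works.

LinuxPC -> Uberspace: Connection refused / Network is unreachable

LinuxPC -> GitHub: Connection refused.

MBP -> Banana: Public key authentication works.

MBP -> Uberspace: Public key authentication works.

MBP -> GitHub: Public key authentication works.

Banana -> Uberspace (Network is unreachable, Connection refused)

Banana -> MBP (works fine with public key authentication)

Banana -> GitHub (Connection refused)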

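So it looks like...

  • The external SSH servers (Uberspace, GitHub) can be reached from my intranet via public key authentication (from the MBP).
  • LinuxPC can connect to the internal servers (MBP and Banana) via password authentication.
  • LinuxPC cannot SSH using public key authentication.
  • LinuxPC cannot connect to external servers via SSH.

My firewall is turned off, and LinuxPC and MBP are connected to the same router (FritzBox). There are no specific settings on the router, so it should behave the same for LinuxPC, MBP and Banana.

The contents of the ssh_config of the LinuxPC are at the end of this post. Is anything missing or wrong? I did not change its contents.

Any tips or pointers would be great.

Thank you very much!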


Details:

Banana -> Uberspace

bananapi@BANANA ~ $ ssh -v [email protected]
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to elst.uberspace.de [185.26.156.188] port 22.
debug1: connect to address 185.26.156.188 port 22: Connection refused
debug1: Connecting to elst.uberspace.de [2a00:d0c0:200:0:b9:1a:9c:8e] port 22.
debug1: connect to address 2a00:d0c0:200:0:b9:1a:9c:8e port 22: Network is unreachable
ssh: connect to host elst.uberspace.de port 22: Network is unreachable

bananapi@BANANA ~ $ ssh-copy-id [email protected]
ssh: connect to host elst.uberspace.de port 22: Network is unreachable

bananapi@BANANA ~ $ nc -vz 95.143.172.245 22
nc: connect to 95.143.172.245 port 22 (tcp) failed: Connection refused

bananapi@BANANA ~ $ nc -vz 185.26.156.188 22
nc: connect to 185.26.156.188 port 22 (tcp) failed: Connection refused

Banana -> MBP (OK)

bananapi@BANANA ~ $ ssh-copy-id [email protected]
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

bananapi@BANANA ~ $ ssh [email protected]
Last login: Tue Jan 12 15:05:18 2021 from 192.168.1.57

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.

LinuxPC -> MBP (password only)

[xxx@Linux-PC ~]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xxx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[xxx@Linux-PC ~]$ ssh [email protected]
Enter passphrase for key '/home/xxx/.ssh/id_rsa': 
Password:
Last login: Tue Jan 12 15:34:19 2021 from 192.168.1.54

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
xxxs-MBP:~ xxx$

Note: I am prompted for the password even though I uploaded the public key before.

LinuxPC -> Uberspace

[xxx@Linux-PC ~]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xxx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host elst.uberspace.de port 22: Network is unreachable

[xxx@Linux-PC ~]$ ssh -v  [email protected]
OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
debug1: Reading configuration data /home/xxx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to elst.uberspace.de [185.26.156.188] port 22.
debug1: connect to address 185.26.156.188 port 22: Connection refused
debug1: Connecting to elst.uberspace.de [2a00:d0c0:200:0:b9:1a:9c:8e] port 22.
debug1: connect to address 2a00:d0c0:200:0:b9:1a:9c:8e port 22: Network is unreachable
ssh: connect to host elst.uberspace.de port 22: Network is unreachable

[xxx@Linux-PC pw]$ nc -vz 95.143.172.245 22
vega.uberspace.de [95.143.172.245] 22 (ssh): Verbindungsaufbau abgelehnt
(means connection rejected)

[xxx@Linux-PC pw]$ nc -vz 185.26.156.188 22
elst.uberspace.de [185.26.156.188] 22 (ssh): Verbindungsaufbau abgelehnt
(means connection rejected)

LinuxPC -> Banana (password is required even though the pub key was uploaded successfully)

[xxx@Linux-PC ~]$ ssh-copy-id -f [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xxx/.ssh/id_rsa.pub"
Enter passphrase for key '/home/xxx/.ssh/id_rsa': 
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[xxx@Linux-PC ~]$ ssh -v [email protected]
OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
debug1: Reading configuration data /home/xxx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.57 [192.168.1.57] port 22.
debug1: Connection established.
debug1: identity file /home/xxx/.ssh/id_rsa type 0
debug1: identity file /home/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_dsa type -1
debug1: identity file /home/xxx/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/xxx/.ssh/id_ed25519 type -1
debug1: identity file /home/xxx/.ssh/id_ed25519-cert type -1
debug1: identity file /home/xxx/.ssh/id_ed25519_sk type -1
debug1: identity file /home/xxx/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/xxx/.ssh/id_xmss type -1
debug1: identity file /home/xxx/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.57:22 as 'bananapi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:q+j2dQzHWPbthWX4VCK4UK7GDwccoGGZZDSBr4Hl4HE
debug1: Host '192.168.1.57' is known and matches the ECDSA host key.
debug1: Found key in /home/xxx/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/xxx/.ssh/id_rsa RSA SHA256:XDOacvuprzkByJY1ZpGjZN2anPeYVeNkN7v5P6TuBBw
debug1: Will attempt key: /home/xxx/.ssh/id_dsa 
debug1: Will attempt key: /home/xxx/.ssh/id_ecdsa 
debug1: Will attempt key: /home/xxx/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/xxx/.ssh/id_ed25519 
debug1: Will attempt key: /home/xxx/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/xxx/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/xxx/.ssh/id_rsa RSA SHA256:XDOacvuprzkByJY1ZpGjZN2anPeYVeNkN7v5P6TuBBw
debug1: Server accepts key: /home/xxx/.ssh/id_rsa RSA SHA256:XDOacvuprzkByJY1ZpGjZN2anPeYVeNkN7v5P6TuBBw
Enter passphrase for key '/home/xxx/.ssh/id_rsa': 
debug1: Trying private key: /home/xxx/.ssh/id_dsa
debug1: Trying private key: /home/xxx/.ssh/id_ecdsa
debug1: Trying private key: /home/xxx/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/xxx/.ssh/id_ed25519
debug1: Trying private key: /home/xxx/.ssh/id_ed25519_sk
debug1: Trying private key: /home/xxx/.ssh/id_xmss
debug1: Next authentication method: password
[email protected]'s password: 
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.57 ([192.168.1.57]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
Linux BANANA 3.4.103 #1 SMP PREEMPT Thu Dec 18 13:07:12 CST 2014 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
bananapi@BANANA ~ $ 

MBP -> Uberspace (OK)

xxxs-MBP:~ xxx$ ssh-copy-id -f [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/xxx/.ssh/id_rsa.pub"

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

xxxs-MBP:~ xxx$ ssh [email protected]
Last login: Tue Jan 12 14:21:29 2021 from 212.18.221.64
Welcome to Uberspace 7!

Current version: 7.8.1.0
Manual: https://manual.uberspace.de/en/
Watch out for changes at: https://manual.uberspace.de/en/changelog.html
Follow us on Twitter for updates: https://twitter.com/ubernauten

Is something unclear or does not work as expected?
 => check the server status: https://is.uberspace.online
 => reach out to our team: [email protected]
[xxxnc@elst ~]$ 

/etc/ssh/ssh_config

# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected]
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k

Answer 1

Solved. The router is blocking the connections. I was not aware that the settings for the laptop (WiFi) and the PC (LAN) are different.
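The `ssh -v` logs in the question show two different failure classes: connections that never reach the server, and sessions where the server accepts the offered key but the login still ends with a password. The following is an added example, not part of the original post or answer, that sorts `ssh -v` output into those classes; the function name `ssh_triage` and the verdict strings are assumptions, and the sample inputs are abridged from the logs above.

```shell
# Classify `ssh -v` output read from stdin (added example, hypothetical helper).
ssh_triage() {
  awk '
    # TCP-level failure, e.g. "connect to address A port 22: Connection refused"
    /connect to address .*: / {
      sub(/^.*connect to address /, "")
      fails = (fails == "" ? "" : fails "; ") $0
      next
    }
    /Connection established/ { connected = 1 }
    /Offering public key:/   { offered = 1 }
    /Server accepts key:/    { accepted = 1 }
    /Authentication succeeded \(/ {
      method = $0
      sub(/^.*\(/, "", method)
      sub(/\).*$/, "", method)
    }
    END {
      if (method == "") method = "none"
      if (!connected)
        print "transport-failure: " (fails == "" ? "no attempt logged" : fails)
      else if (method == "publickey")
        print "publickey-ok"
      else if (accepted)   # key is authorized, but no signature was sent
        print "key-accepted-but-unused: fell back to " method
      else if (offered)
        print "key-rejected-by-server: fell back to " method
      else
        print "no-key-offered: fell back to " method
    }'
}
# Abridged from the LinuxPC -> Uberspace log above.
sample_transport() {
  cat <<'EOF'
debug1: connect to address 185.26.156.188 port 22: Connection refused
debug1: connect to address 2a00:d0c0:200:0:b9:1a:9c:8e port 22: Network is unreachable
EOF
}
# Abridged from the LinuxPC -> Banana log above; fingerprint replaced by a placeholder.
sample_fallback() {
  cat <<'EOF'
debug1: Connection established.
debug1: Offering public key: /home/xxx/.ssh/id_rsa RSA SHA256:<fingerprint>
debug1: Server accepts key: /home/xxx/.ssh/id_rsa RSA SHA256:<fingerprint>
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}
sample_transport | ssh_triage; sample_fallback | ssh_triage
```

A `transport-failure` verdict points at the network path (router, firewall, routing) rather than at keys; `key-accepted-but-unused` means the public key is installed on the server and the problem is on the client side of the key exchange, such as the private key not being unlocked.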
