whairst提出的问题 -unix

whairst

Asked: 2024-12-06 09:30:57 +0800 CST

O Debian 12 não aceita conexões ssh remotas

Estou tentando configurar um servidor Debian 12 e não consigo fazer com que ele aceite conexões ssh da minha máquina Ubuntu 22.04 (ou de uma máquina Ubuntu mais antiga). Ele não pede uma senha; o comando ssh simplesmente termina imediatamente. Ssh para localhost e [Debian 12 IP] funcionam - solicita a senha, aceita e efetua login. Esta deve ser uma instalação próxima do estoque do Debian 12. Eu até tentei copiar o arquivo sshd_config de estoque da máquina Ubuntu 22.04 (que aceita conexões da máquina Debian) para a máquina Debian, mas sem sucesso.

Veja o que a máquina Ubuntu 22.04 apresenta quando tento uma conexão:

[localuser]@[localmachine]:~$ ssh -vvv [remoteuser]@192.168.2.9
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.2.9 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/[localuser]/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/[localuser]/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.2.9 [192.168.2.9] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/[localuser]/.ssh/id_rsa type -1
debug1: identity file /home/[localuser]/.ssh/id_rsa-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_ecdsa type -1
debug1: identity file /home/[localuser]/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/[localuser]/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_ed25519 type -1
debug1: identity file /home/[localuser]/.ssh/id_ed25519-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_ed25519_sk type -1
debug1: identity file /home/[localuser]/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_xmss type -1
debug1: identity file /home/[localuser]/.ssh/id_xmss-cert type -1
debug1: identity file /home/[localuser]/.ssh/id_dsa type -1
debug1: identity file /home/[localuser]/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.2.9 port 22
[localuser]@[localmachine]:~$

Isto é o que a máquina Debian relata:

Dec 06 21:45:08 fafnir sshd[5704]: debug3: fd 5 is not O_NONBLOCK
Dec 06 21:45:08 fafnir sshd[5704]: debug1: Forked child 8037.
Dec 06 21:45:08 fafnir sshd[5704]: debug3: send_rexec_state: entering fd = 8 config len 3271
Dec 06 21:45:08 fafnir sshd[5704]: debug3: ssh_msg_send: type 0
Dec 06 21:45:08 fafnir sshd[5704]: debug3: send_rexec_state: done
Dec 06 21:45:08 fafnir sshd[8037]: debug3: oom_adjust_restore
Dec 06 21:45:08 fafnir sshd[8037]: debug1: Set /proc/self/oom_score_adj to 0
Dec 06 21:45:08 fafnir sshd[8037]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Dec 06 21:45:08 fafnir sshd[8037]: debug1: inetd sockets after dupping: 4, 4
Dec 06 21:45:08 fafnir sshd[8037]: debug1: getpeername failed: Transport endpoint is not connected
Dec 06 21:45:08 fafnir sshd[8037]: debug3: process_channel_timeouts: setting 0 timeouts
Dec 06 21:45:08 fafnir sshd[8037]: debug3: channel_clear_timeouts: clearing
Dec 06 21:45:08 fafnir sshd[8037]: debug1: ssh_remote_port failed

O arquivo de configuração atualmente é:


# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO
LogLevel Debug3

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem   sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Alguma ideia do que está errado? Note que não instalei nem configurei nenhum software de firewall, mas é possível que haja algo de estoque que eu não saiba.

O Debian 12 não aceita conexões ssh remotas

Possível firmware ausente /lib/firmware/i915/* para o módulo i915

Falha ao buscar o repositório de backports jessie

Como exportar uma chave privada GPG e uma chave pública para um arquivo

Como podemos executar um comando armazenado em uma variável?

Como configurar o systemd-resolved e o systemd-networkd para usar o servidor DNS local para resolver domínios locais e o servidor DNS remoto para domínios remotos?

apt-get update error no Kali Linux após a atualização do dist [duplicado]

Como ver as últimas linhas x do log de serviço systemctl

Nano - pule para o final do arquivo

erro grub: você precisa carregar o kernel primeiro

Como baixar o pacote não instalá-lo com o comando apt-get?

whairst's questions