ArunMKumar's questions

我正在尝试使用非常基本的 scp 命令将文件从本地系统上的虚拟机（Ubuntu 18.04）移动到远程服务器。这个问题只出现在一个特定的服务器上，其他的工作正常，所以它不是一个通用的东西。

scp <file name> <user>@<complete_hostname>:~/

但是此命令不会继续进行成功的身份验证。

SCP Log: (from local machine, Ubuntu 18.04)
==========
debug1: Next authentication method: publickey
debug1: Offering public key: 
RSA SHA256:<key> /home/username/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279 
debug1: Authentication succeeded (publickey).
Authenticated to 'HOSTNAME' ([10.6.26.145]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_IN
debug1: Sending command: scp -v -r -d -t ~/received/


Form another  remote server:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/username/.ssh/identity
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Trying private key: /home/username/.ssh/id_ecdsa
debug1: Next authentication method: password
username@hostname's password: 
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = C
debug1: Sending env LC_ALL = C
debug1: Sending command: scp -v -t ~/

我在这些机器上没有任何特权访问权限，有没有办法找出问题所在？我需要做什么？

我正在尝试使用非常基本的scp命令将文件从本地系统上的虚拟机（Ubuntu 18.04）移动到远程服务器。这个问题只出现在一个特定的服务器上，其他的工作正常，所以它不是一个通用的东西。

scp <file name> <user>@<complete_hostname>:~/

但是此命令不会继续进行成功的身份验证。

当我使用 FileZilla 时也会发生同样的情况。

IT 团队建议我使用运行良好的“WinSCP”。

scp 调试日志

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/username/.ssh/id_dsa
debug1: Trying private key: /home/username/.ssh/id_ecdsa
debug1: Next authentication method: password
'user'@'full hostname's password: 
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = C
debug1: Sending env LC_ALL = C
debug1: Sending command: scp -v -t ~/

此后没有任何进展，FileZilla 以类似方式在 20 秒后超时。而 WinSCP 工作正常。

什么可能导致scp挂起，因为我在我的一些脚本中使用它，一个特定服务器的这个问题使我的脚本在它们上无法使用，这也适用于 SFTP 方法。

IT 团队建议我不要使用这些标志-d，并且-t在发出命令时，调试日志中会显示相同的命令，并且不受远程服务器的支持。这些可以去掉吗？我没有明确地向他们发出命令。

编辑2：

SCP Log: (from local machine, Ubuntu 18.04)
==========
debug1: Next authentication method: publickey
debug1: Offering public key: 
RSA SHA256:<key> /home/username/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279 
debug1: Authentication succeeded (publickey).
Authenticated to 'HOSTNAME' ([10.6.26.145]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_IN
debug1: Sending command: scp -v -r -d -t ~/received/

这可能看起来像一个重复的问题，但我做了我的搜索，但找不到任何解决方案。

我创建了一个 tftp 服务器，当从本地 tftp 客户端访问该服务器时，通过环回获取并放置文件就好了。当我尝试通过外部客户端访问服务器时，请求超时。连接已建立。我可以看到连接在 tftp 客户端中已连接，那里没有问题。文件传输未开始。

客户端通过以太网电缆直接连接到主机，我创建了一个 2 设备 LAN。ping 在它们之间起作用。

我最初认为这是一个防火墙问题，现在我禁用了防火墙，允许在 iptables 中配置的端口 69 上输入和输出。端口 69 上也允许使用 udp。

我也没有运行 tftpd-hpa 服务器的多个实例，它作为守护进程运行，而netstat -aup只运行一个 tftp 服务器。

客户给出了正确的请求，我可以在wireshark中看到它们，但没有任何响应。

并且失败总是超时。

**firewall disabled**
**ports allow connection **
**file transfer fails**
** outgoing tftp request as a client to other tftp servers is alos blocked **

更新2：

我不太确定防火墙的事情，因为这台笔记本电脑是由我的雇主发行的，我怀疑他们不会允许禁用防火墙。阅读/var/log/syslog并没有给出任何提示，因此尝试查看内核打印信息以了解是否有任何 kmodules 做任何可疑的事情，我看到了这些。

[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45

SRC、DESTT 、DPT、PROTO MAC 地址都与我的tftp 客户端匹配。

我无法真正说出这里发生了什么，所以如果有人能给我提示以寻找一些日志或其他东西，那将非常有帮助。

在此之后，我安装了gufw来管理防火墙并允许所有传入和传出流量。我仍然会超时，这就是我现在在 syslog 上看到的。

Sep  5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164 
Sep  5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164 

这次DST没有意义，客户端位于10.42.0.89而不是10.42.0.255。

更新1：

/etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure  --create  -s"
RUN_DAEMON="YES"

ls -lrt /

drwxr-xr-x   2 tftp nogroup  4096 Sep  5 03:30 tftpboot

网络统计-aup

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 *:mdns                  *:*                                 739/avahi-daemon: r
udp        0      0 *:50694                 *:*                                 2514/rpc.mountd 
udp        0      0 *:55107                 *:*                                 2514/rpc.mountd 
udp        0      0 *:nfs                   *:*                                 -               
udp        0      0 *:3471                  *:*                                 8567/dhclient   
udp        0      0 *:56776                 *:*                                 739/avahi-daemon: r
udp        0      0 10.42.0.1:domain        *:*                                 5403/dnsmasq    
udp        0      0 127.0.1.1:domain        *:*                                 3025/dnsmasq    
udp        0      0 *:bootps                *:*                                 5403/dnsmasq    
udp        0      0 *:bootpc                *:*                                 8567/dhclient   
udp        0      0 *:tftp                  *:*                                 4316/in.tftpd  
udp        0      0 *:sunrpc                *:*                                 966/rpcbind     
udp        0      0 *:ipp                   *:*                                 1476/cups-browsed
udp        0      0 *:707                   *:*                                 966/rpcbind     
udp        0      0 *:33526                 *:*                                 2514/rpc.mountd 
udp        0      0 *:49935                 *:*                                 -               
udp        0      0 localhost:796           *:*                                 1044/rpc.statd  
udp        0      0 *:54194                 *:*                                 1044/rpc.statd  
udp        0      0 *:17500                 *:*                                 3785/dropbox    
udp6       0      0 [::]:mdns               [::]:*                              739/avahi-daemon: r
udp6       0      0 [::]:42779              [::]:*                              -               
udp6       0      0 [::]:59279              [::]:*                              1044/rpc.statd  
udp6       0      0 [::]:nfs                [::]:*                              -               
udp6       0      0 [::]:60007              [::]:*                              2514/rpc.mountd 
udp6       0      0 [::]:52311              [::]:*                              2254/BESClient  
udp6       0      0 [::]:11656              [::]:*                              8567/dhclient   
udp6       0      0 [::]:sunrpc             [::]:*                              966/rpcbind     
udp6       0      0 [::]:45289              [::]:*                              739/avahi-daemon: r
udp6       0      0 [::]:57589              [::]:*                              2514/rpc.mountd 
udp6       0      0 [::]:707                [::]:*                              966/rpcbind     
udp6       0      0 [::]:37709              [::]:*                              2514/rpc.mountd 

/etc/xinetd.d/中没有 tftp 配置文件

防火墙被禁用。ufw 状态 = 不活动

iptables -L -v

Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination         
    2   656 ACCEPT     udp  --  eth1   any     anywhere             anywhere             udp dpt:bootps
    0     0 ACCEPT     tcp  --  eth1   any     anywhere             anywhere             tcp dpt:bootps
    0     0 ACCEPT     udp  --  eth1   any     anywhere             anywhere             udp dpt:domain
    0     0 ACCEPT     tcp  --  eth1   any     anywhere             anywhere             tcp dpt:domain
36569 3800K ACCEPT     all  --  lo     any     anywhere             anywhere            
30392   20M ACCEPT     tcp  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 2704  679K ACCEPT     udp  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 ACCEPT     254  --  ipsec+ any     anywhere             anywhere            
    0     0 ACCEPT     esp  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     ah   --  any    any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:isakmp
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:cfengine
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5900
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5901
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:12080
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere             tcp dpt:auth reject-with icmp-port-unreachable
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5656
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:5004:5005
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:5004:5005
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:20830
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:20830
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:sip:5062
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:sip:5062
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:21100
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:2001
    0     0 ACCEPT     gre  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
  689 56460 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp router-advertisement
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
   13   832 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-reply
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:tproxy
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:1533
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:30000:30005
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpts:bootps:bootpc
    6  1968 DROP       udp  --  any    any     anywhere             anywhere             udp dpts:bootps:bootpc
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ns
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-dgm
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ssn
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpts:tcpmux:ftp-data
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:sunrpc
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpts:snmp:snmp-trap
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:520
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpts:6348:6349
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpts:6345:gnutella-rtr
   75  3256 LOG        tcp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level debug prefix  "FIREWALL: "
 1459  263K LOG        udp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
 3347  568K DROP       all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:tftp state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:69 state NEW,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    eth1    anywhere             10.42.0.0/24         state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   any     10.42.0.0/24         anywhere            
    0     0 ACCEPT     all  --  eth1   eth1    anywhere             anywhere            
    0     0 REJECT     all  --  any    eth1    anywhere             anywhere             reject-with icmp-port-unreachable
    0     0 REJECT     all  --  eth1   any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes) pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:69 state NEW,ESTABLISHED
    1    45 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:tftp state NEW,ESTABLISHED

作为客户端的传出 tftp 请求也被阻止。我的 IP 是 192,168.0.5 尝试连接到 192.168.0.2

tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.

我的路由器有问题吗？有没有我需要处理的设置，但是即使我使用以太网电缆将客户端直接连接到服务器，这个问题仍然存在。我厌倦了 BeagleBone Black、MACbook 和我的 Android 手机作为 tftp 客户端向服务器提出请求。

客户端：10.42.0.89（BeagleBlack，在 u-boot）服务器：10.42.0.1

我现在用wireshark嗅探以太网数据包。

ARP：

32  927.886269000   10.42.0.89  Broadcast   ARP 60  Who has 10.42.0.1?  Tell 10.42.0.89
33  927.886320000   50:7b:9d:f9:44:5d   10.42.0.89  ARP 42  10.42.0.1 is at 50:7b:9d:f9:44:5d

在此之后，我只看到从客户端启动，没有任何结果。

36  932.887008000   10.42.0.89  10.42.0.1   TFTP    79  Read Request, File: hello, Transfer type: octet, timeout\000=5\000, blksize\000=1468\000