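Machine A, which has a public IP, has SSH password login disabled; intranet machine B also has SSH password login disabled.
I configured everything according to the README. http and https work, and frps.log shows [control.go:344] [I] ProxyName [ssh], start proxy success. But when I run ssh -oPort=6000 username@publicip, I get ssh_exchange_identification: Connection closed by remote host. Neither frps.log nor frpc.log records anything.
[fatedier/frp] SSH cannot be tunneled when SSH password login is disabled
Answers
Add the -vvv flag to ssh and look at the full output.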
➜ account git:(master) ✗ ssh -vvv -oPort=6000 usename@publicip
OpenSSH_7.2p2, LibreSSL 2.4.1
debug1: Reading configuration data /Users/myuser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "publicip" port 6000
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to publicip [publicip] port 6000.
debug1: Connection established.
debug1: identity file /Users/myuser/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myuser/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
ssh_exchange_identification: Connection closed by remote host
I replaced the real IP with 'publicip'.
I also found no records in /var/log/auth.log on machines A or B.
Accessing machines A and B individually works fine.
Same here. After updating 3 machines to 0.9.0, only one of them can be reached over ssh normally; the other 2 both report the following error.
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /home/chenming/.ssh/config
debug1: /home/chenming/.ssh/config line 1: Applying options for
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for
debug2: ssh_connect: needpriv 0
debug1: Connection established.
debug1: identity file /home/chenming/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/chenming/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
ssh_exchange_identification: Connection closed by remote host
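But I have tested it: if I switch to another port and send packets, they are received.
Sorry, I reported the issue before finishing my testing. I just ran a test on another set of machines: without disabling password login, ssh fails the same way with ssh_exchange_identification: Connection closed by remote host.
@AdhereYao @chenming219 I cannot reproduce this problem in my tests here. If possible, could you provide an environment where it can be reproduced?
@chenming219 Do you mean the previous version worked?
@AdhereYao Does your configuration specify the pool_count parameter? If it does, try removing it and see whether the connection works.
@fatedier pool_count was specified before, that is, everything was the default configuration. With pool_count commented out it still doesn't work.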
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for
debug2: ssh_connect: needpriv 0
debug1: Connecting to 101.132.. [101.132..*8] port 6000.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
ssh_exchange_identification: Connection closed by remote host
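I ran into the same problem.
This is because the host certificate conflicts, which means you had already logged in to this machine before setting up frp. A simple fix: delete the corresponding host certificate from ~/.ssh/authorized_keys.
When configuring the service, the local_ip for ssh must not be 127.0.0.1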
[ssh]
type = tcp
# This must not be 127.0.0.1
local_ip = 192.168.201.1
local_port = 22
remote_port = 13002
use_encryption = true
use_compression = true
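
Added example, not part of the thread or of frp: in every trace above the client prints its Local version string and then fails, so the TCP connection to the remote port was accepted but closed before any server identification line arrived. This Python probe performs that check without ssh and separates it from a refused port or a non-SSH listener; the function names and the local listener are constructed for the demo.

```python
import socket
import threading

def probe_ssh_banner(host, port, timeout=5.0):
    """Classify what a TCP endpoint does before the SSH key exchange starts."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)        # nothing is listening on the port
    except OSError:
        return ("unreachable", None)    # timeout, routing or DNS failure
    with sock:
        data = b""
        try:
            # Read the first line; an SSH server starts it with "SSH-".
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break               # peer closed the connection
                data += chunk
        except socket.timeout:
            return ("silent", None)     # accepted, but never sent a full line
        except ConnectionResetError:
            return ("closed_before_banner", None)
    line = data.split(b"\n", 1)[0].strip()
    if line.startswith(b"SSH-"):
        return ("banner", line.decode("ascii", "replace"))
    if not data:
        # The condition ssh reports as
        # ssh_exchange_identification: Connection closed by remote host
        return ("closed_before_banner", None)
    return ("not_ssh", line.decode("ascii", "replace"))

def _constructed_listener(reply):
    """Local stand-in for a forwarded port (constructed); None closes at once."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for reply in (b"SSH-2.0-OpenSSH_7.2\r\n", None):
        print(probe_ssh_banner("127.0.0.1", _constructed_listener(reply)))
```

Run it against the public address and remote_port, then against sshd directly on machine B. A banner on B but closed_before_banner through the tunnel means the failure happens before authentication starts, on the path between frps, frpc and the local_ip:local_port target.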