Background

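Today I requested a CentOS 7.6 virtual machine. It could be reached normally through the jump host, but installing BlueKing failed with "Error reading SSH protocol banner". According to the message, the connection to SSH port 22 was not succeeding; indeed, Xshell could not connect, and telnet to port 22 failed as well.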

Troubleshooting

Checking from the jump host shows that SSH is indeed up and listening:

[root@localhost wangchunyang]# netstat -ntpl | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5335/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      5335/sshd   

Restarting SSH did not help:

[root@localhost wangchunyang]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[root@localhost wangchunyang]# 
[root@localhost wangchunyang]# 
[root@localhost wangchunyang]# netstat -ntpl | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16019/sshd          
tcp6       0      0 :::22                   :::*                    LISTEN      16019/sshd  

Checking the SSH version shows nothing wrong either:

[root@localhost wangchunyang]# rpm -qa | grep ssh
openssh-7.4p1-16.el7.x86_64
libssh2-1.4.3-12.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64

Final solution

Check the server's connection access rules:

[root@localhost wangchunyang]# cat /etc/hosts.allow 
#
# hosts.allow   This file contains access rules which are used to
#       allow or deny connections to network services that
#       either use the tcp_wrappers library or that have been
#       started through a tcp_wrappers-enabled xinetd.
#
#       See 'man 5 hosts_options' and 'man 5 hosts_access'
#       for information on rule syntax.
#       See 'man tcpd' for information on tcp_wrappers
#
sshd: 192.168.1.173
sshd: 192.168.4.251
[root@localhost wangchunyang]# cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#       deny connections to network services that either use
#       the tcp_wrappers library or that have been
#       started through a tcp_wrappers-enabled xinetd.
#
#       The rules in this file can also be set up in
#       /etc/hosts.allow with a 'deny' option instead.
#
#       See 'man 5 hosts_options' and 'man 5 hosts_access'
#       for information on rule syntax.
#       See 'man tcpd' for information on tcp_wrappers
#
sshd: ALL

Note the last line of hosts.deny. Damn it~

Commenting out sshd: ALL and restarting SSH with service sshd restart solved the problem.
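
The lookup order behind this failure, as an added example that is not part of the original post: tcp_wrappers consults hosts.allow first, then hosts.deny, and allows the connection when neither file matches. The evaluator handles only a subset of hosts_access(5) client patterns (ALL, exact IPv4 address, trailing-dot prefix, net/mask); the function names and the client address 192.168.4.10 are constructed for illustration.

```python
import ipaddress

# Constructed copies of the active rules in the two files shown above.
HOSTS_ALLOW = "sshd: 192.168.1.173\nsshd: 192.168.4.251\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Yield (daemons, clients) token lists for each 'daemon_list : client_list' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split() for part in line.split(":")[:2])
        if "EXCEPT" in daemons + clients:
            raise ValueError("EXCEPT is not handled by this example")
        yield daemons, clients

def client_matches(pattern, ip):
    """Subset of hosts_access(5): ALL, exact IPv4, 'a.b.' prefix, n.n.n.n/m.m.m.m."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def first_match(text, daemon, ip):
    """Return the first rule in one file that matches this daemon and client, or None."""
    for daemons, clients in parse_rules(text):
        if (daemon in daemons or "ALL" in daemons) and any(client_matches(c, ip) for c in clients):
            return f"{' '.join(daemons)}: {' '.join(clients)}"
    return None

def evaluate(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match in either means allow."""
    rule = first_match(allow_text, daemon, ip)
    if rule:
        return ("allow", "hosts.allow", rule)
    rule = first_match(deny_text, daemon, ip)
    if rule:
        return ("deny", "hosts.deny", rule)
    return ("allow", None, None)

if __name__ == "__main__":
    # 192.168.4.10 is a constructed client address that is not listed in hosts.allow.
    for ip in ("192.168.1.173", "192.168.4.251", "192.168.4.10"):
        print(ip, evaluate("sshd", ip))
```

With sshd: ALL commented out, every address falls through to the default allow, so the two hosts.allow entries no longer restrict anything. Adding the connecting client's address to hosts.allow instead keeps the deny rule in place.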
