Network becomes unreachable during ssh user authentication (ping fails, remote sshd version identified incorrectly)

Posted 2022-09-11 19:14:07, 10931 characters, 33 views, 0 comments

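Network becomes unreachable during ssh user authentication (ping fails)

  • Before ssh authentication, ping -t was used to check the network continuously; the network was normal
  • From starting the ssh login up to the password prompt, the network was normal
  • After entering the password and pressing Enter, Permission denied appeared immediately, and ping started timing out
  • After entering the password again and waiting about 15s, Connection timed out appeared
  • After ssh failed, I kept waiting; at close to 1 min, ping returned to normal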

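Related information

  • The company has a small number of servers and a few hundred computers; day-to-day work requires ssh to the servers to process files.
  • Each server exposes 2 IPs, used respectively for high-speed connections between servers and for regular connections between the servers and ordinary employees' hosts.
  • Server-to-server IP addresses are 192.168.10.*; server-to-employee-computer IPs are 192.168.1.*
  • Server: CentOS 6.8, LAN IP 192.168.1.x, sshd version OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
  • Employee hosts: Win10 64-bit; the ssh clients putty, xshell and WSL ssh were all tried
  • To make it convenient for employees outside the company to work as well, one of the servers uses frp to set up ssh forwarding, configured as follows
; contents of frpc.ini (placeholders: 公网IP = public IP, 公网端口 = public port, 转发端口 = forwarded port)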
[common]
server_addr = 公网IP
server_port = 公网端口

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 转发端口
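  • The problem occurs on this server: employees on the company intranet get an error when logging in with ssh 192.168.1.x
  • However, the server can be logged in to through the external forwarding: ssh user@公网ip 转发端口 (public IP, forwarded port)
  • When checking the protocol on port 22 with telnet, it returns SSH-2.0-OpenSSH_7.0 rather than the expected OpenSSH_5.3

ssh -vvv output is as follows

  • The user name, server IP and Windows home directory are replaced with USER, HOST_IP and HOME_IN_WINDOWS respectively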
$ ssh -vvv USER@HOST_IP
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/config error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_config error:2
debug2: resolving "HOST_IP" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to HOST_IP [HOST_IP] port 22.
debug1: Connection established.
debug1: identity file HOME_IN_WINDOWS/.ssh/id_rsa type 0
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_rsa-cert error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_rsa-cert type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_dsa error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_dsa type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_dsa-cert error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_dsa-cert type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ecdsa error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_ecdsa type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ed25519 error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_ed25519 type -1
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file HOME_IN_WINDOWS/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.0
debug1: match: OpenSSH_7.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to HOST_IP:22 as 'USER'
debug3: hostkeys_foreach: reading file "HOME_IN_WINDOWS/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file HOME_IN_WINDOWS/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from HOST_IP
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha1,hmac-ripemd160,umac-64@openssh.com
debug2: MACs stoc: hmac-sha1,hmac-ripemd160,umac-64@openssh.com
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RSSk88Ln7GL3UfV9QDbQRA8JGdPIZ37SZPxRur3cHSM
debug3: hostkeys_foreach: reading file "HOME_IN_WINDOWS/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file HOME_IN_WINDOWS/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from HOST_IP
debug3: Failed to open file:HOME_IN_WINDOWS/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_known_hosts2 error:2
debug1: Host 'HOST_IP' is known and matches the ECDSA host key.
debug1: Found key in HOME_IN_WINDOWS/.ssh/known_hosts:11
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug2: key: HOME_IN_WINDOWS/.ssh/id_rsa (0000017F3E139460)
debug2: key: HOME_IN_WINDOWS/.ssh/id_dsa (0000000000000000)
debug2: key: HOME_IN_WINDOWS/.ssh/id_ecdsa (0000000000000000)
debug2: key: HOME_IN_WINDOWS/.ssh/id_ed25519 (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:0N0bYYBf6fYPbnXhjhtY+Zbxv3xvdD9haFE2+OjBqug HOME_IN_WINDOWS/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: HOME_IN_WINDOWS/.ssh/id_dsa
debug3: GetFileAttributesExW with last error 2
debug3: no such identity: HOME_IN_WINDOWS/.ssh/id_dsa: No such file or directory
debug1: Trying private key: HOME_IN_WINDOWS/.ssh/id_ecdsa
debug3: GetFileAttributesExW with last error 2
debug3: no such identity: HOME_IN_WINDOWS/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: HOME_IN_WINDOWS/.ssh/id_ed25519
debug3: GetFileAttributesExW with last error 2
debug3: no such identity: HOME_IN_WINDOWS/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
USER@HOST_IP's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug3: failed to open file:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
USER@HOST_IP's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: recv - from CB ERROR:10060, io:0000017F3E138780
ssh_dispatch_run_fatal: Connection to HOST_IP port 22: Connection timed out
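
The banner mismatch reported in the post (OpenSSH_7.0 where 5.3 was expected) can be cross-checked against the server's KEXINIT proposal in the same ssh -vvv output. The following is an added example, not part of the original post: it parses such a log and flags offered algorithms that upstream OpenSSH only shipped after the expected release. The INTRODUCED table and the function names are this example's own assumptions, and SAMPLE is an abridged excerpt of the log above.

```python
import re

# First upstream OpenSSH release shipping each algorithm (per OpenSSH release
# notes); vendor backports could differ, so treat hits as a lead, not proof.
INTRODUCED = {
    "ecdh-sha2-nistp256": (5, 7),
    "ecdsa-sha2-nistp256": (5, 7),
    "aes128-gcm@openssh.com": (6, 2),
    "curve25519-sha256@libssh.org": (6, 5),
    "chacha20-poly1305@openssh.com": (6, 5),
}

# Abridged excerpt of the server-side lines from the ssh -vvv output in the post.
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes128-gcm@openssh.com
debug2: MACs ctos: hmac-sha1,hmac-ripemd160,umac-64@openssh.com
debug2: languages ctos:
debug2: first_kex_follows 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
"""

def parse_server_side(log):
    """Return (remote OpenSSH (major, minor) or None, set of algorithms the server offered)."""
    version, offered, in_peer = None, set(), False
    for line in log.splitlines():
        m = re.search(r"remote software version OpenSSH_(\d+)\.(\d+)", line)
        if m:
            version = (int(m.group(1)), int(m.group(2)))
        elif "peer server KEXINIT proposal" in line:
            in_peer = True
        elif line.startswith("debug1: kex:"):
            in_peer = False  # negotiation result follows; the proposal is over
        elif in_peer:
            m2 = re.match(r"debug2: [\w ]+: (\S+)$", line)  # "name: alg1,alg2"
            if m2:
                offered.update(m2.group(1).split(","))
    return version, offered

def findings(log, expected):
    """List reasons the answering sshd does not look like the `expected` (major, minor) release."""
    version, offered = parse_server_side(log)
    out = []
    if version and version != expected:
        out.append("banner reports OpenSSH %d.%d, expected %d.%d" % (version + expected))
    for alg in sorted(offered):
        since = INTRODUCED.get(alg)
        if since and since > expected:
            out.append("%s offered, first shipped in OpenSSH %d.%d" % ((alg,) + since))
    return out
```

Calling `findings(SAMPLE, (5, 3))` returns one entry for the banner plus one per too-new algorithm, so the proposal independently agrees with the banner that the daemon answering on port 22 is not a stock 5.3 build.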
