在公司代理中尝试SSH时未知端口65535关闭的连接
我一直在尝试设置SSH跳跃服务器,以便在上班时连接到我的服务器,该服务器采用了一个非常烦人(慢)的公司代理,并阻止了端口443和80以外的所有内容。
ssh -vvv ubuntu@jump-ssh-server -p 443 -o ProxyCommand="ncat --proxy proxy_server:3128 --proxy-auth proxy_user:proxy_password -C %h %p"
在终端中起作用。但是,当我尝试使用SSH连接运行它时,我会遇到一个错误,
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname jump_server is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/user/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec ncat --proxy proxy_server:3128 --proxy-auth user:password -C jump_server 443
debug1: identity file /Users/user/.ssh/id_rsa type 0
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: identity file /Users/user/.ssh/id_ecdsa type -1
debug1: identity file /Users/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/user/.ssh/id_ed25519 type -1
debug1: identity file /Users/user/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/user/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/user/.ssh/id_xmss type -1
debug1: identity file /Users/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to jump_server:443 as 'ubuntu'
debug3: put_host_port: [jump_server]:443
debug1: load_hostkeys: fopen /Users/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 3
debug1: Received SSH2_MSG_UNIMPLEMENTED for 0
Connection closed by UNKNOWN port 65535
这是由我的公司防火墙试图阻止连接引起的吗?有什么办法吗?
I've been trying to set up a SSH jump server in order to connect to my servers when I'm at work, which is employing a really annoying (and slow) corporate proxy and blocking everything going to the outside besides port 443 and 80.
I've set up a test server, which I will use as a jump server if this works, to accept SSH connection on port 443.
This is how I'm trying to connect
ssh -vvv ubuntu@jump-ssh-server -p 443 -o ProxyCommand="ncat --proxy proxy_server:3128 --proxy-auth proxy_user:proxy_password -C %h %p"
If I try to run only the ProxyCommand in the terminal it works. However, when I try to run it with the ssh connection I get an error
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname jump_server is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/user/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec ncat --proxy proxy_server:3128 --proxy-auth user:password -C jump_server 443
debug1: identity file /Users/user/.ssh/id_rsa type 0
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: identity file /Users/user/.ssh/id_ecdsa type -1
debug1: identity file /Users/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/user/.ssh/id_ed25519 type -1
debug1: identity file /Users/user/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/user/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/user/.ssh/id_xmss type -1
debug1: identity file /Users/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to jump_server:443 as 'ubuntu'
debug3: put_host_port: [jump_server]:443
debug1: load_hostkeys: fopen /Users/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 3
debug1: Received SSH2_MSG_UNIMPLEMENTED for 0
Connection closed by UNKNOWN port 65535
Is this caused by my corporate firewall trying to block the connection? Is there any way around it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
某些SSH算法(例如SSH-RSA)不再被认为是安全的,默认情况下是Ubuntu 22.04的默认算法,因此您必须手动添加它们。就我而言,这是
ssh-rsa算法。@adnan答案如果您是
sudo,并且想覆盖每个用户的默认值。但是,如果您不是sudo,或者想为用户进行更改,请添加$ home/.ssh/.ssh/config文件中的更改,如下所示Some ssh algorithms, like ssh-rsa, are no longer considered safe and are omitted by default from Ubuntu 22.04, so you must manually add them. In my case, it's the
ssh-rsaalgorithm.@Adnan answer is fine if you are
sudoand want to override the defaults for every user. But if you are not sudo, or want to make the change for your user then add make the change in your$HOME/.ssh/configfile as shown below如果通过SSH键配置自动化,请检查您是否对远程服务器使用正确的用户名,以及服务器上的公共密钥是否已存在。
如果通过跳跃服务器建立连接,请检查问题是在跳转服务器还是在目标服务器上
If the autentication is configured over the SSH key, check if you use right username for the remote server and if you public key is already present on the server.
If the connection is established over the jump server check if the problem is at the jump server or at the target server
从Windows WSL2终端(Ubuntu 22.04)管理Linux机器,当我定义
ssh-agent变量时,问题消失了。在运行命令之前,请尝试运行以下命令:
Administrating Linux machines from the Windows WSL2 terminal (Ubuntu 22.04), the problem disappears when I define
ssh-agentvariables.Try to run the following commands before running the command :
我在SSH上也有类似的问题,我的问题是KEX算法不匹配。我在客户端和目标服务器上添加了相同的KEX算法并修复了它。
在
/etc/etc/ssh/ssh_config我添加:您可以在此处详细介绍我的调查:
https://blog.adnanebrahimi.com/gitlab-cicd-cicd-strange-smerange-ssh-ssh-ssh-on-ssh-ssh2msgkexecdhreply
I had a similar issue with ssh, my problem was Kex Algorithm mismatch. I added the same Kex algorithm on both client and destination servers and fixed it.
In
/etc/ssh/ssh_configI added:you can see my investigation in detail here:
https://blog.adnanebrahimi.com/gitlab-cicd-strange-ssh-issue-on-ssh2msgkexecdhreply