Sar*_*abo 2 networking kubuntu static-ip 19.04
I am following a tutorial for setting a static IP address for my remote backup server (https://www.techrepublic.com/article/how-to-configure-a-static-ip-address-in-ubuntu-server-18-04/).
I followed this set of instructions:
network:
  renderer: networkd
  ethernets:
    enp0s25:
      dhcp4: no
      addresses: [192.168.111.27/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [192.168.1.1,8.8.8.8]
  version: 2
But now I can't connect to my server, and I had to restore its netplan from an old copy I made before making the modifications.
Custom SSH config:
Host Scilab
HostName 192.168.43.245
Port 45834
IdentityFile ~/.ssh/LesserArkKey
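When I try to use ssh Scilab, I get: ssh: connect to host 192.168.43.245 port 45834: Connection refused.
This is unusual, since it worked before (I have a custom ssh config). I changed my current ssh config to the new IP address (it was previously 192.168.1.144).
What am I doing wrong, and how do I set the IP address to a static one instead of DHCP?
Edit 0: To clarify, key-based login to the server works just fine when the server has the default netplan. ssh Scilab asks for the encryption key, I provide the passphrase, and then everything connects. When I try to use the new netplan, it just errors out. Then nothing works.
These commands all fail as well: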
sarah@LesserArk:~$ ssh -p 45834 -i .ssh/LesserArkKey 192.168.111.27
ssh: connect to host 192.168.111.27 port 45834: Connection refused
sarah@LesserArk:~$ ssh -p 24 -i .ssh/LesserArkKey 192.168.111.27
ssh: connect to host 192.168.111.27 port 24: Connection refused
sarah@LesserArk:~$ ssh -i .ssh/LesserArkKey 192.168.111.27
ssh: connect to host 192.168.111.27 port 22: Connection refused
SSHD config:
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 45834
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
MaxStartups 2
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Protocol 2
Edit 1:
Here is the output of the commands.
cat /etc/hosts:
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
cat /etc/nsswitch.conf | grep "hosts:":
hosts: files dns
`networkctl status`:
● State: routable
Address: 192.168.111.27 on enp0s25
fe80::225:64ff:feaf:9fc8 on enp0s25
DNS: 192.168.1.1
8.8.8.8
ls -l /etc/resolv.conf:
lrwxrwxrwx 1 root root 39 Feb 14 09:49 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
Edit 2: /etc/hosts:
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.111.27 scilab_comp_0
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Output of hostname: scilab_comp_0
Edit 3: I made a short video from my PC (not the server) showing more detail of what is happening: https://www.youtube.com/watch?v=rqQGas4fs_A&feature=youtu.be
I made a quick video of the IP address conflict here: https://youtu.be/P2rXWvdOM7k

Edit 4: Output of telnet 192.168.111.27 45834
sarah@scilab_comp_0:~$ telnet 192.168.111.27 45834
Trying 192.168.111.27...
Connected to 192.168.111.27.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Connection closed by foreign host.
I did some more digging and noticed that I have 2 IP addresses for the server. Here is ip a:
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:25:64:af:9f:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.27/24 brd 192.168.111.255 scope global enp0s25
valid_lft forever preferred_lft forever
inet 192.168.1.142/24 brd 192.168.1.255 scope global dynamic enp0s25
valid_lft 78971sec preferred_lft 78971sec
inet6 fe80::225:64ff:feaf:9fc8/64 scope link
valid_lft forever preferred_lft forever
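As you can see, one is dynamic and one is static. I'm not sure whether the static configuration is working, or how to get rid of the dynamic one (since I reverted the yaml to the original configuration so that I can remotely access it from my computer for now). Given that our config file states that we only want the DHCP one, where is the static IP address coming from?
Also, I verified that only 50-cloud-init.yaml has any effect on the configuration. I added a .DISABLED prefix to the other yaml file we created, since it didn't seem to have any effect.
Edit 4: A better test
I have come up with a better way to test whether the server is able to connect. I have two terminal windows logged into the server, one just running while true; do ip a; ping -c3 google.com; date; sleep 10; done. The other uses sudo netplan try to set the IP address to static with netplan.
These are the results: every time the IP address becomes static (after I press Enter on `sudo netplan try` in the other terminal), the ping fails: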
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:25:64:af:9f:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.27/24 brd 192.168.111.255 scope global enp0s25
valid_lft forever preferred_lft forever
inet6 fe80::225:64ff:feaf:9fc8/64 scope link
valid_lft forever preferred_lft forever
ping: google.com: Temporary failure in name resolution
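And every time it goes back to using the DHCP IP address (which appears earlier, when it had 2 IP addresses), it comes back and reports the information to my PC's SSH shell.
In the server's netplan configuration for the static IP, you are requesting an IP address in a different subnet from the gateway's subnet. Although netplan can assign that IP to your device, the gateway will not be able to communicate with it.
To fix this, request an IP address in the same subnet that is assigned via DHCP. So, if the DHCP-assigned address is 192.168.1.15, set up your netplan yaml file like this: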
network:
  renderer: networkd
  ethernets:
    enp0s25:
      dhcp4: no
      addresses: [192.168.1.111/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [192.168.1.1,8.8.8.8]
If you are unsure of the gateway IP, issue the following command while you are connected fine via DHCP:
ip route
The system will respond with something like
default via 192.168.1.1 dev netdev01 ....
In this output, the gateway is identified by the default via field.
For simplicity, and to avoid problems caused by DNS and the local SSH configuration, you can make the client SSH request using the server's literal IP address:
ssh sarah@192.168.1.111
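This is a backup server, so most of your communication with the server will likely be scripted, so the only functional reason to use a hostname would be that the server's IP is likely to change.
Also, for simplicity, I would generate my ssh key to the default, ~/.ssh/id_rsa.pub, unless there is a good reason not to. This makes coding the requests cleaner and simpler. I only put the public key in a named file if I want to store the key outside the local home, or if for some reason I can't imagine I have to keep different keys for different hosts.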
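An added example (not part of the original answer): a small Python check for the mistake described above, a static address whose subnet does not contain the gateway, which also leaves the off-link DNS servers unreachable. The function name check_netplan_iface is hypothetical, and the values are copied by hand from the two netplan files on this page rather than parsed from YAML.

```python
import ipaddress

def check_netplan_iface(addresses, gateway4, nameservers=()):
    """Return a list of problems for one netplan ethernet stanza (IPv4 only)."""
    ifaces = [ipaddress.ip_interface(a) for a in addresses]
    nets = [i.network for i in ifaces if i.version == 4]
    gw = ipaddress.ip_address(gateway4)
    problems = []

    # The gateway must be on-link: inside a subnet configured on the interface.
    gw_on_link = any(gw in n for n in nets)
    if not gw_on_link:
        subnets = ", ".join(str(n) for n in nets)
        problems.append(f"gateway {gw} is outside the configured subnet(s): {subnets}")
    if any(i.ip == gw for i in ifaces):
        problems.append(f"address {gw} is the same as the gateway")

    # Off-link DNS servers are only reachable through a working gateway.
    for ns in (ipaddress.ip_address(s) for s in nameservers):
        if ns.version != 4 or any(ns in n for n in nets):
            continue
        if not gw_on_link:
            problems.append(f"nameserver {ns} is off-link and no gateway can reach it")
    return problems

# Values copied by hand from the two netplan files on this page.
QUESTION = dict(addresses=["192.168.111.27/24"], gateway4="192.168.1.1",
                nameservers=["192.168.1.1", "8.8.8.8"])
ANSWER = dict(addresses=["192.168.1.111/24"], gateway4="192.168.1.1",
              nameservers=["192.168.1.1", "8.8.8.8"])

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        issues = check_netplan_iface(**cfg)
        print(name, "->", issues or "ok")
```

Running a check like this before sudo netplan try catches the mismatch without losing the SSH session to the server.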