Moh*_*avi 95 ssh pipeline scp sshd gitlab-ci
I want to use scp with a PRIVATE_KEY to copy data in a GitLab pipeline.
The error is:
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection
Pipeline log:
$ mkdir -p ~/.ssh
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ eval "$(ssh-agent -s)"
Agent pid 22
$ ssh-add ~/.ssh/id_rsa
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
$ ssh-keyscan -H $IP >> ~/.ssh/known_hosts
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
$ scp -rv api.yml root@$IP:/home/services/test/
Executing: program /usr/bin/ssh host x.x.x.x, user root, command scp -v -r -t /home/services/test/
OpenSSH_8.6p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection
Ken*_*ter 70
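kex_exchange_identification: read: Connection reset by peer
When an SSH client connects to an SSH server, the server starts by sending a version string to the client. The error you are getting means that the TCP connection from the client to the server was "abnormally closed" while the client was waiting for this data from the server, i.e. right after the TCP connection was opened.
In practice, it is likely to mean one of two things:
It looks like the ssh-keyscan program was able to connect to the server and get the version string without an error. So the SSH server process is apparently able to talk to a client without crashing.
You should talk to the administrators of this x.x.x.x host and of the network it is attached to, to see whether they can identify the problem from their end. It is possible that something (a firewall, or the ssh server process itself) is seeing the multiple connections, first from the ssh-keyscan process and then from the scp program, as an intrusion attempt, and is blocking the second connection attempt.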
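As an added illustration (not part of the answer above or of any post on this page), a small Python probe that separates the failure that answer describes, a reset before the server's version string arrives, from a refused port, a dropped handshake, or a clean close. The function name `probe_ssh_banner` and its status labels are this example's own.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (status, detail) for the SSH identification exchange.

    status: banner | reset_before_banner | closed_before_banner |
            refused | timeout | not_ssh | error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no process is listening on the port")
    except socket.timeout:
        return ("timeout", "TCP handshake never completed")
    except OSError as exc:
        return ("error", str(exc))

    buf = b""
    with sock:
        try:
            # The server speaks first: one "SSH-..." line ending in LF
            # (RFC 4253 section 4.2, at most 255 bytes). Simplification:
            # optional lines sent before the banner are not skipped.
            while b"\n" not in buf and len(buf) < 255:
                chunk = sock.recv(255 - len(buf))
                if not chunk:
                    return ("closed_before_banner",
                            "peer closed before a full banner line")
                buf += chunk
        except ConnectionResetError:
            # The case ssh reports as
            # "kex_exchange_identification: read: Connection reset by peer"
            return ("reset_before_banner",
                    "peer sent RST before a full banner line")
        except socket.timeout:
            return ("timeout", "connected, but no banner arrived")

    line = buf.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner" if line.startswith("SSH-") else "not_ssh", line)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python probe.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh_banner(sys.argv[1], target_port))
```

Running it twice in a row from the CI runner shows whether only the second connection is reset, which is the pattern the answer suspects.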
小智 29
I had the same problem. I restarted the server, and then everything was fine.
小智 8
TL;DR:
Find the server-side process that is listening on the ssh port and kill it, then restart the ssh service. That should solve the problem.
On the client side:
ssh account@ip -pPORT
kex_exchange_identification: read: Connection reset by peer
I tried this on the server side:
service ssh status
[ ok ] sshd is running.
service ssh restart
[ ok ] Restarting OpenBSD Secure Shell server: sshd.
But the client ssh command still failed with the same kex_exchange_identification error.
Then I stopped the ssh service on the server side (as root):
service ssh stop
[ ok ] Stopping OpenBSD Secure Shell server: sshd.
The following client ssh command still failed with the same kex_exchange_identification error. That is strange; if no process were listening on the port, it should have been a connection refused error.
It may be that the server-side process listening on the SSH port was dead, so that even restarting/stopping the service had no effect. So finding that process and killing it may solve the problem.
Here PORT is the SSH port defined in the server's /etc/ssh/sshd_config, 22 by default. As root:
netstat -ap | grep PORT
tcp 0 0 0.0.0.0:PORT 0.0.0.0:* LISTEN 8359/sshd
tcp6 0 0 [::]:PORT [::]:* LISTEN 8359/sshd
kill 8359
netstat -ap | grep PORT
no result
service ssh start
[ ok ] Starting OpenBSD Secure Shell server: sshd.
netstat -ap | grep PORT
tcp 0 0 0.0.0.0:PORT 0.0.0.0:* LISTEN 31418/sshd: /usr/sb
tcp6 0 0 [::]:PORT [::]:* LISTEN 31418/sshd: /usr/sb
The following client ssh command succeeded.