Blu*_*303 9 networking linux ssh debian routing
在 debian kali 中,我尝试连接 ssh 并收到以下错误:
SSH:连接到主机本地主机端口 22:连接被拒绝
背景 :
我试图在 debian 中连接 ssh,我使用的是 kali 2.0 sana
我尝试过/做过的事情:
`apt-get install openssh-server`
安装了 openssh-server 及其最新版本
查询服务 ssh status
? ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
Active: active (running) since Wed 2015-09-23 17:20:36 IST; 36min ago
Main PID: 1594 (sshd)
CGroup: /system.slice/ssh.service
??1594 /usr/sbin/sshd -D
重新配置 dpkg-reconfigure openssh-server 也能成功
现在我尝试连接ssh root@localhost需要 root@localhost 密码,所以我所做的是
vi /etc/ssh/sshd_config 并添加了拒绝 root 登录的命令:
我的 sshd_config 如下:
What ports, IPs and protocols we listen for Port 22
#Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0 Protocol 2
# HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security UsePrivilegeSeparation yes
现在再次尝试通过 'ssh root@localhost' 连接 ssh 不是我得到的 connect to host localhost port 22: Connection refused
我虽然我iptables可能会阻止它,因此将其配置为:
vim /root/firewall.rules
root@vignesh:~# iptables-save > /root/firewall.rules
root@vignesh:~# iptables -X
root@vignesh:~# iptables -t nat -F
root@vignesh:~# iptables -t nat -X
root@vignesh:~# iptables -t mangle -F
root@vignesh:~# iptables -t mangle -X
root@vignesh:~# iptables -P INPUT ACCEPT
root@vignesh:~# iptables -P FORWARD ACCEPT
root@vignesh:~# iptables -P OUTPUT ACCEPT
root@vignesh:~# iptables-save > /root/firewall.rules
我询问了 iptables-save
# Generated by iptables-save v1.4.21 on Wed Sep 23 18:50:34 2015
*mangle
:PREROUTING ACCEPT [41217:4171959]
:INPUT ACCEPT [27727:3255690]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1834:219528]
:POSTROUTING ACCEPT [1835:219654]
COMMIT
# Completed on Wed Sep 23 18:50:34 2015
# Generated by iptables-save v1.4.21 on Wed Sep 23 18:50:34 2015
*nat
:PREROUTING ACCEPT [15456:1179155]
:INPUT ACCEPT [1858:255303]
:OUTPUT ACCEPT [223:14078]
:POSTROUTING ACCEPT [223:14078]
COMMIT
# Completed on Wed Sep 23 18:50:34 2015
# Generated by iptables-save v1.4.21 on Wed Sep 23 18:50:34 2015
*filter
:INPUT ACCEPT [26756:3173280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1775:215770]
COMMIT
根据评论检查
root@vignesh:~# netstat -an | grep 22
tcp 0 0 10.100.8.40:54036 216.58.220.46:80 ESTABLISHED
tcp 0 0 10.100.8.40:41573 216.58.220.14:80 ESTABLISHED
unix 3 [ ] STREAM CONNECTED 17722 @/tmp/dbus-JUNz9GwSon
unix 3 [ ] STREAM CONNECTED 13422
unix 3 [ ] STREAM CONNECTED 17224
unix 3 [ ] STREAM CONNECTED 17422
unix 2 [ ] DGRAM 9222
unix 3 [ ] STREAM CONNECTED 17221 /var/run/NetworkManager/private
unix 3 [ ] STREAM CONNECTED 17225 /var/run/NetworkManager/private
unix 3 [ ] STREAM CONNECTED 17229
unix 3 [ ] STREAM CONNECTED 17220
现在我再次尝试ssh root@localhost但再次出现错误。
请指导我在哪里我错过了这个部分?我怎样才能连接它?
nKn*_*nKn 16
您的netstat输出显示没有进程在侦听 port 22,这可以解释为什么您Connection refused在尝试 SSH 时会收到 a 。
您status关于sshd守护程序的信息显示正在运行,但是没有与其关联的侦听端口(或似乎没有)。
此外,正如您在评论中被告知的那样,您的sshd_config文件似乎不正确。你说你想禁用 root 登录,所以我会为你的 SSH 守护进程提出一个配置。
编辑/etc/ssh/sshd_config文件并将以下内容放入其中:
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
ClientAliveInterval 30
ClientAliveCountMax 99999
如果您担心安全性,您可以将 SSH 限制为您想要的用户。例如,如果你想限制只有用户vignesh可以 SSH,你可以添加另一个这样的指令:
AllowUsers vignesh
之后,只需重新启动sshd服务。完成后,如果您运行,netstat -atpn | grep 22您应该会看到正在22侦听每个人的端口。
| 归档时间: |
|
| 查看次数: |
189805 次 |
| 最近记录: |