linux中ssh可以登录sftp不能登录解决办法
2016-10-09 14:25
567 查看
我的服务器一直正常使用,平时使用secureCRT进行管理,使用secureFX进行文件的上传下载,突然有一天secureFX连接的时候出问题了,secureFX的日志如下:
i SecureFX 版本 6.6.1.289 (Official Release - November 4, 2010)
i 会话 00002 成功建立(为) session mydomain_218.245.0.54_cd.mydomain.com
i SSH2Core version 6.6.0.289
i 正在连接到 cd.mydomain.com:22 ...
i 正在从状态 STATE_NOT_CONNECTED 更改为 STATE_EXPECT_KEX_INIT
i Using protocol SSH2
i RECV : Remote Identifier = 'SSH-2.0-OpenSSH_5.3'
i CAP : Remote can re-key
i CAP : Remote sends language in password change requests
i CAP : Remote sends algorithm name in PK_OK packets
i CAP : Remote sends algorithm name in public key packets
i CAP : Remote sends algorithm name in signatures
i CAP : Remote sends error text in open failure packets
i CAP : Remote sends name in service accept packets
i CAP : Remote includes port number in x11 open packets
i CAP : Remote uses 160 bit keys for SHA1 MAC
i CAP : Remote supports new diffie-hellman group exchange messages
i CAP : Remote correctly handles unknown SFTP extensions
i CAP : Remote correctly encodes OID for gssapi
i CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
i The following key exchange method has been filtered from the key
exchange method list because it is not supported:
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
i SEND : KEXINIT
i RECV : Read kexinit
i Available Remote Kex Methods =
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
i Channel Closed.
很是不解,Google了半天也没解决问题。
首先为了确保其他稀奇古怪的问题出现,我将iptables和selinux都关闭,还是不行。
查看/etc/ssh/sshd_config文件中的 Subsystem sftp /usr/libexec/openssh/sftp-server 有没有被注释,经查是没有被注释的,而且文件系统里也有
[root@cd ~]# ll /usr/libexec/openssh/sftp-server
----------. 1 root root 63544 2月 22 2013 /usr/libexec/openssh/sftp-server
说明应该是对的。
然后开启了ssh的dubug模式,编辑/etc/ssh/sshd_config文件,将LogLevel INFO改为LogLevel DEBUG,重启了sshd服务
# /etc/init.d/sshd restart
再使用secureFX登录时查看日志信息,
查看# tail -f /var/log/messages 时没有日志输出,
查看# tail -f /var/log/secure 时日志输出如下,未见明显的错误信息输出:
Aug 12 18:21:59 cd sshd[1307]: debug1: Forked child 1870.
Aug 12 18:21:59 cd sshd[1870]: Set /proc/self/oom_score_adj to 0
Aug 12 18:21:59 cd sshd[1870]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 12 18:21:59 cd sshd[1870]: debug1: inetd sockets after dupping: 3, 3
Aug 12 18:21:59 cd sshd[1870]: Connection from 171.214.177.214 port 52174
Aug 12 18:21:59 cd sshd[1870]: debug1: Client protocol version 2.0; client software version SecureFX_6_6_1_289 SecureFX
Aug 12 18:21:59 cd sshd[1870]: debug1: no match: SecureFX_6_6_1_289 SecureFX
Aug 12 18:21:59 cd sshd[1870]: debug1: Enabling compatibility mode for protocol 2.0
Aug 12 18:21:59 cd sshd[1870]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Aug 12 18:21:59 cd sshd[1871]: debug1: permanently_set_uid: 74/74
Aug 12 18:21:59 cd sshd[1871]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEXINIT sent
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEXINIT received
Aug 12 18:21:59 cd sshd[1871]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Aug 12 18:21:59 cd sshd[1871]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 12 18:21:59 cd sshd[1871]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_NEWKEYS sent
Aug 12 18:21:59 cd sshd[1871]: debug1: expecting SSH2_MSG_NEWKEYS
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_NEWKEYS received
Aug 12 18:21:59 cd sshd[1871]: debug1: KEX done
Aug 12 18:21:59 cd sshd[1871]: debug1: userauth-request for user root service ssh-connection method none
Aug 12 18:21:59 cd sshd[1871]: debug1: attempt 0 failures 0
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: initializing for "root"
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: setting PAM_RHOST to "171.214.177.214"
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 12 18:21:59 cd sshd[1871]: debug1: userauth-request for user root service ssh-connection
无解,继续Google解决办法 https://www.linuxquestions.org/questions/linux-server-73/can't-get-sftp-logging-to-work-931609/ 收到启发,将 /etc/ssh/sshd_config 中的
Subsystem sftp /usr/libexec/openssh/sftp-server
改为
Subsystem sftp internal-sftp
重启sshd后,sftp正常工作了。
但是原因仍然不知为何,回头看看,发现 /usr/libexec/openssh/sftp-server 没有任何权限:
# ll /usr/libexec/openssh/sftp-server
----------. 1 root root 63544 2月 22 2013 /usr/libexec/openssh/sftp-server
正常情况应该是这样:
# ll /usr/libexec/openssh/sftp-server
-rwxr-xr-x. 1 root root 63544 Nov 23 2013 /usr/libexec/openssh/sftp-server
咨询大师说 停止openssh 服务 rm sftp-server文件 正常的scp 过去 再启动openssh
但是我是远程操作,生产系统,不敢停止openssh服务,万一连不上就瓜了,大师建议那就先这样用着。
Note:/usr/libexec/openssh/sftp-server没任何权限,root用户都没法删除修改。
i SecureFX 版本 6.6.1.289 (Official Release - November 4, 2010)
i 会话 00002 成功建立(为) session mydomain_218.245.0.54_cd.mydomain.com
i SSH2Core version 6.6.0.289
i 正在连接到 cd.mydomain.com:22 ...
i 正在从状态 STATE_NOT_CONNECTED 更改为 STATE_EXPECT_KEX_INIT
i Using protocol SSH2
i RECV : Remote Identifier = 'SSH-2.0-OpenSSH_5.3'
i CAP : Remote can re-key
i CAP : Remote sends language in password change requests
i CAP : Remote sends algorithm name in PK_OK packets
i CAP : Remote sends algorithm name in public key packets
i CAP : Remote sends algorithm name in signatures
i CAP : Remote sends error text in open failure packets
i CAP : Remote sends name in service accept packets
i CAP : Remote includes port number in x11 open packets
i CAP : Remote uses 160 bit keys for SHA1 MAC
i CAP : Remote supports new diffie-hellman group exchange messages
i CAP : Remote correctly handles unknown SFTP extensions
i CAP : Remote correctly encodes OID for gssapi
i CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
i The following key exchange method has been filtered from the key
exchange method list because it is not supported:
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
i SEND : KEXINIT
i RECV : Read kexinit
i Available Remote Kex Methods =
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
i Channel Closed.
很是不解,Google了半天也没解决问题。
首先为了确保其他稀奇古怪的问题出现,我将iptables和selinux都关闭,还是不行。
查看/etc/ssh/sshd_config文件中的 Subsystem sftp /usr/libexec/openssh/sftp-server 有没有被注释,经查是没有被注释的,而且文件系统里也有
[root@cd ~]# ll /usr/libexec/openssh/sftp-server
----------. 1 root root 63544 2月 22 2013 /usr/libexec/openssh/sftp-server
说明应该是对的。
然后开启了ssh的dubug模式,编辑/etc/ssh/sshd_config文件,将LogLevel INFO改为LogLevel DEBUG,重启了sshd服务
# /etc/init.d/sshd restart
再使用secureFX登录时查看日志信息,
查看# tail -f /var/log/messages 时没有日志输出,
查看# tail -f /var/log/secure 时日志输出如下,未见明显的错误信息输出:
Aug 12 18:21:59 cd sshd[1307]: debug1: Forked child 1870.
Aug 12 18:21:59 cd sshd[1870]: Set /proc/self/oom_score_adj to 0
Aug 12 18:21:59 cd sshd[1870]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 12 18:21:59 cd sshd[1870]: debug1: inetd sockets after dupping: 3, 3
Aug 12 18:21:59 cd sshd[1870]: Connection from 171.214.177.214 port 52174
Aug 12 18:21:59 cd sshd[1870]: debug1: Client protocol version 2.0; client software version SecureFX_6_6_1_289 SecureFX
Aug 12 18:21:59 cd sshd[1870]: debug1: no match: SecureFX_6_6_1_289 SecureFX
Aug 12 18:21:59 cd sshd[1870]: debug1: Enabling compatibility mode for protocol 2.0
Aug 12 18:21:59 cd sshd[1870]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Aug 12 18:21:59 cd sshd[1871]: debug1: permanently_set_uid: 74/74
Aug 12 18:21:59 cd sshd[1871]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEXINIT sent
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEXINIT received
Aug 12 18:21:59 cd sshd[1871]: debug1: kex: client->server aes256-ctr hmac-sha1 none
Aug 12 18:21:59 cd sshd[1871]: debug1: kex: server->client aes256-ctr hmac-sha1 none
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 12 18:21:59 cd sshd[1871]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_NEWKEYS sent
Aug 12 18:21:59 cd sshd[1871]: debug1: expecting SSH2_MSG_NEWKEYS
Aug 12 18:21:59 cd sshd[1871]: debug1: SSH2_MSG_NEWKEYS received
Aug 12 18:21:59 cd sshd[1871]: debug1: KEX done
Aug 12 18:21:59 cd sshd[1871]: debug1: userauth-request for user root service ssh-connection method none
Aug 12 18:21:59 cd sshd[1871]: debug1: attempt 0 failures 0
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: initializing for "root"
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: setting PAM_RHOST to "171.214.177.214"
Aug 12 18:21:59 cd sshd[1870]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 12 18:21:59 cd sshd[1871]: debug1: userauth-request for user root service ssh-connection
无解,继续Google解决办法 https://www.linuxquestions.org/questions/linux-server-73/can't-get-sftp-logging-to-work-931609/ 收到启发,将 /etc/ssh/sshd_config 中的
Subsystem sftp /usr/libexec/openssh/sftp-server
改为
Subsystem sftp internal-sftp
重启sshd后,sftp正常工作了。
但是原因仍然不知为何,回头看看,发现 /usr/libexec/openssh/sftp-server 没有任何权限:
# ll /usr/libexec/openssh/sftp-server
----------. 1 root root 63544 2月 22 2013 /usr/libexec/openssh/sftp-server
正常情况应该是这样:
# ll /usr/libexec/openssh/sftp-server
-rwxr-xr-x. 1 root root 63544 Nov 23 2013 /usr/libexec/openssh/sftp-server
咨询大师说 停止openssh 服务 rm sftp-server文件 正常的scp 过去 再启动openssh
但是我是远程操作,生产系统,不敢停止openssh服务,万一连不上就瓜了,大师建议那就先这样用着。
Note:/usr/libexec/openssh/sftp-server没任何权限,root用户都没法删除修改。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Linux下ssh登录速度慢的解决办法
- scponly 限定用户不能SSH登录,可以SFTP SCP传文件到指定目录
- Linux SSH 远程登录错误解决办法 WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
- Linux下ssh登录速度慢的解决办法
- vmware linux ubuntu network information(静态和动态桥接以前可以上的,现在都不能上网解决办法)
- Linux系统下SSH远程登录速度慢的解决办法
- Linux下ssh登录速度慢的解决办法
- linux下设置了SSH免密码登录但还是需要输入密码的解决办法
- 关于plsql可以登录,sqlplus不能登录解决办法
- Linux下ssh登录速度慢的解决办法
- telnet远程登录Linux RHEL提示不能在端口23打开连接的解决办法
- 解决Linux下FTP不能使用root登录的办法
- ssh免密码登录【遇到的问题: linux下设置了SSH免密码登录但还是需要输入密码的解决办法 】
- xshell不能ssh连接freebsd,而putty却可以的解决办法
- linux下设置了SSH免密码登录但还是需要输入密码的解决办法
- vmware linux ubuntu network information(静态和动态桥接以前可以上的,现在都不能上网解决办法)
- Linux下ssh登录速度慢的解决办法
- 解决ssh不能实现无密码登录,但是可以有密码登录
- Ubuntu中不能使用ssh远程登录的解决办法;ssh服务的安装与配置
- linux下设置了SSH免密码登录但还是需要输入密码的解决办法