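To put a laptop that was sitting idle at home to use as a mini server, I downloaded and installed a fresh copy of Fedora (the latest version, 20). However, the sshd daemon behaves a bit strangely and, above all, connections from other PCs do not work properly. The details of the environment are as follows.
- The firewall on the Linux machine is turned off entirely, so every port is fully open.
- The port is kept at 22
- PasswordAuthentication is set
- Protocol 2 is set

In this state, the symptoms when connecting over ssh from another PC (Windows) to the Linux machine are as follows.
- Using putty
- The login prompt appears fine
- But after I type the id and pw and press Enter, the putty window closes
- The password is definitely not wrong. If I enter it incorrectly, I am instead asked to enter it again; the window closes only when the login succeeds

I don't know whether it is related to this symptom, but there are also a few odd things about starting the sshd daemon, which I list here:
- It does not start with service sshd start or systemctl start sshd.service.
- It starts only with /usr/sbin/sshd. It does run, but this error appears:
  Could not load host key: /etc/ssh/ssh_host_ecdsa_key
  The error appears even though the /etc/ssh/ssh_host_ecdsa_key file has already been generated with ssh-keygen.

Just in case, I started it with /usr/sbin/sshd -d and then connected remotely; I am attaching the sshd log produced up to the point where the window closes. It is a bit long. I would appreciate your help. (The id used to connect was pubuser.)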
[root@localhost ~]# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.10.1.10 port 1864
debug1: Client protocol version 2.0; client software version PuTTY_Release_0.62
debug1: no match: PuTTY_Release_0.62
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: SELinux support enabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
(Up to here is the server log from the putty client connecting to the server until the login prompt appears. Now, entering the id.)
debug1: userauth-request for user pubuser service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "pubuser"
debug1: PAM: setting PAM_RHOST to "10.10.1.10"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user pubuser service ssh-connection method gssapi-with-mic [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: Unspecified GSS failure. Minor code may provide more information
Key table file '/etc/krb5.keytab' not found
(Up to here is the log that appears when the id is entered.)
debug1: userauth-request for user pubuser service ssh-connection method password [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: PAM: password authentication accepted for pubuser
debug1: do_pam_account: called
Accepted password for pubuser from 10.10.1.10 port 1864 ssh2
debug1: monitor_child_preauth: pubuser has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support enabled
debug1: PAM: establishing credentials
PAM: pam_open_session(): Cannot make/remove an entry for the specified session
User child is on pid 2855
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
ssh_selinux_copy_context: setcon failed with Permission denied
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 2856
debug1: session_exit_message: session 0 channel 0 pid 2856
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/4
debug1: session_pty_cleanup: session 0 release /dev/pts/4
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 10.10.1.10
debug1: do_cleanup
Transferred: sent 3592, received 1792 bytes
Closing connection to 10.10.1.10 port 1864
debug1: PAM: cleanup
debug1: PAM: deleting credentials
[root@localhost ~]#
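
Added example, not part of the original post: a Python triage of `sshd -d` output that keeps the messages logged above debug level (no `debugN:` prefix) that look like errors, plus the child-exit event, and tags each with the connection stage in which it appeared. The sample lines are excerpted from the log above; the stage names, stage markers and keyword list are assumptions made for this example.

```python
import re

# Lines excerpted from the sshd -d log in the post above.
SAMPLE = """\
debug1: read PEM private key done: type <unknown>
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Server listening on 0.0.0.0 port 22.
Connection from 10.10.1.10 port 1864
debug1: KEX done [preauth]
debug1: Unspecified GSS failure. Minor code may provide more information
Accepted password for pubuser from 10.10.1.10 port 1864 ssh2
PAM: pam_open_session(): Cannot make/remove an entry for the specified session
User child is on pid 2855
ssh_selinux_copy_context: setcon failed with Permission denied
debug1: session_input_channel_req: session 0 req shell
debug1: Received SIGCHLD.
debug1: session_exit_message: session 0 channel 0 pid 2856
Connection closed by 10.10.1.10
"""

DEBUG = re.compile(r"^debug\d: ")
# Keyword list is an assumption of this example, not an sshd convention.
PROBLEM = re.compile(r"could not|cannot|failed|denied", re.I)
# (marker, stage entered once the marker is seen); stage names are hypothetical.
STAGES = [
    (re.compile(r"^Connection from "), "preauth"),
    (re.compile(r"^Accepted \S+ for "), "session-setup"),
    (re.compile(r"req shell$"), "shell"),
]

def triage(log_text):
    """Return (stage, message) for error-like non-debug lines and child exits."""
    stage, findings = "startup", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for marker, name in STAGES:
            if marker.search(line):
                stage = name
        body = DEBUG.sub("", line)
        is_debug = body != line
        if (not is_debug and PROBLEM.search(body)) or body.startswith("Received SIGCHLD"):
            findings.append((stage, body))
    return findings

if __name__ == "__main__":
    for stage, message in triage(SAMPLE):
        print(f"{stage:14} {message}")
```
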