
SSH connection into TrueNAS refused over DS-Lite

Server Fault user
Asked 2022-06-24 13:12:10
Answers: 1, Views: 159, Followers: 0, Votes: 0

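Connecting into a TrueNAS behind a FRITZ!Box on a DS-Lite connection does not work; I always get a "connection refused".

Inside the LAN where the TrueNAS is located, web and ssh work as expected. Connecting to the FRITZ!Box through the dyndns service (myfritz) and the web connection to the TrueNAS also work as expected from a browser.

Operating systems: tested on Fedora 35, Debian and Windows 10, and from different networks

Specs and settings: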

Fritz box:  4712
FRITZ!OS:   06.87
TrueNAS-12.0-U8.1
ipv6:   connected
ipv4:   connected over DS-Lite-Tunnel
dynDNS: myfritz service

Fritz!Box port sharing:
device: truenas
IPv4:   192.168.178.25
IPv6:   ::7285:c2ff:fe29:8a45
Shares: 
    ipv4    HTTPS-Server    ->  port 443
    ipv4    SSH             ->  port 22
    ipv6    HTTPS-Server    ->  port 443
    ipv6    SSH             ->  port 22
    Self contained port sharing: enabled, but zero active
    Exposed Host option for v4 and v6 -> disabled  

SSH over LAN (works as expected):

ssh -l root -i ~/.ssh/id_ecdsa -p 22 truenas -> correct ssh login

Over the internet (IPv6 only, because of DS-Lite):

ssh -l root -i ~/.ssh/id_ecdsa -p 22 -6 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 -> connection refused

Here is the verbose ssh output:

ssh -vvv -l root -i ~/.ssh/id_ecdsa -p 22 -6 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45
OpenSSH_8.7p1, OpenSSL 1.1.1n  FIPS 15 Mar 2022
debug1: Reading configuration data /home/rob/.ssh/config
debug1: /home/rob/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 originally 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 is address
debug1: re-parsing configuration
debug1: Reading configuration data /home/rob/.ssh/config
debug1: /home/rob/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 originally 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/rob/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/rob/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 [2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45] port 22.
debug3: set_sock_tos: set socket 3 IPV6_TCLASS 0x48
debug1: connect to address 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 port 22: Network is unreachable
ssh: connect to host 2001:9e8:x:xxxx:xxxx:xxxx:fe29:8a45 port 22: Network is unreachable

Any help is much appreciated. Thanks


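1 Answer

Server Fault user

Posted 2022-06-25 18:15:58

tl;dr: Solution: in TrueNAS, in the SSH settings in the Services section, enable the option "Allow TCP Port Forwarding".

I forced ssh to use IPv6 for a test inside the local network and found that the connection was refused in the local network as well. So it was clear that this was a TrueNAS problem with IPv6 itself. Apart from Allow TCP Port Forwarding, I could not find any other SSH service setting that looked promising. This solved the problem immediately.

PS: One of the problems in correctly detecting the error was that my mobile phone provider does not offer IPv6 at all, and I did not notice this at first because I could not imagine such a thing in 2022.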

Votes: 0
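The verbose output in the question ends in "Network is unreachable" while the text speaks of "connection refused", and the answer's PS traces part of the confusion to a client network without IPv6. The following added example (not from the original post; the function names and the 2001:db8:: addresses are assumptions of this example) separates those cases by checking the client's IPv6 route first and then mapping the connect() error to the place where the path breaks.

```python
import errno
import socket

# What each connect() error over IPv6 says about where the path breaks.
DIAGNOSIS = {
    errno.ENETUNREACH: "client: no IPv6 route on this machine or network",
    errno.EHOSTUNREACH: "path: a router reports the host as unreachable",
    errno.ECONNREFUSED: "server: host answered, port closed or rejected",
    errno.ETIMEDOUT: "filter: packets dropped, check firewall or port sharing",
}

def classify(err_no):
    """Map an errno from a failed connect() to the likely fault location."""
    return DIAGNOSIS.get(err_no, "other: " + errno.errorcode.get(err_no, str(err_no)))

def has_ipv6_route(probe_addr="2001:db8::1"):
    """True if the kernel has a route for global IPv6 traffic.

    connect() on a UDP socket only performs a route lookup and sends nothing.
    probe_addr is from the documentation prefix, chosen for this example.
    """
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.connect((probe_addr, 9))
        return True
    except OSError:
        return False

def probe_ssh(host, port=22, timeout=5.0):
    """Attempt an IPv6-only TCP connect; return (reachable, detail)."""
    if not has_ipv6_route():
        return False, classify(errno.ENETUNREACH)
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            try:
                banner = s.recv(64)  # an SSH server sends its version string first
            except OSError:
                banner = b""
            return True, banner.decode("ascii", "replace").strip()
    except socket.timeout:
        return False, classify(errno.ETIMEDOUT)
    except OSError as exc:
        return False, classify(exc.errno)

if __name__ == "__main__":
    # Constructed target: replace with the server's global IPv6 address.
    print(probe_ssh("2001:db8::25"))
```

A "client" result means the test has to be repeated from a network that provides IPv6 before any server or router setting is changed.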
Original page content provided by Server Fault.
Original link: https://serverfault.com/questions/1104031
