The Mysterious sshd Passwordless Connection

Author: 天地一小儒 | Published: 2020-06-15 14:34

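    Problem description

    An SSH RSA public key was configured in GitLab, but when testing the connection, ssh kept prompting for a password.

    # 10.10.1.66 is the address of the self-hosted GitLab server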
    $ ssh -T git@10.10.1.66 
    git@10.10.1.66's password:
    

    When it works correctly, it should look like this:

    $ ssh -T git@10.10.1.66 
    Welcome to GitLab, @wangff!
    

    Troubleshooting

    • Enable verbose ssh logging
    $ ssh -vvvT git@10.10.1.66 
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 58: Applying options for *
    debug2: resolving "10.10.1.66" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to 10.10.1.66 [10.10.1.66] port 22.
    debug1: Connection established.
    debug1: identity file /home/rabbit/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 10.10.1.66:22 as 'git'
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/rabbit/.ssh/known_hosts:6
    debug3: load_hostkeys: loaded 1 keys from 10.10.1.66
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/YCUybXHjilIaZ3REGjkxKFMvDJljEOmDEVos3wnh9g
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/rabbit/.ssh/known_hosts:6
    debug3: load_hostkeys: loaded 1 keys from 10.10.1.66
    debug1: Host '10.10.1.66' is known and matches the ECDSA host key.
    debug1: Found key in /home/rabbit/.ssh/known_hosts:6
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2_MSG_NEWKEYS received
    debug2: set_newkeys: mode 0
    debug1: rekey after 134217728 blocks
    debug2: key: /home/rabbit/.ssh/id_rsa (0x55dbdd577a10), agent
    debug2: key: /home/rabbit/.ssh/id_dsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ecdsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ed25519 ((nil))
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/rabbit/.ssh/id_rsa
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /home/rabbit/.ssh/id_dsa
    debug3: no such identity: /home/rabbit/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /home/rabbit/.ssh/id_ecdsa
    debug3: no such identity: /home/rabbit/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /home/rabbit/.ssh/id_ed25519
    debug3: no such identity: /home/rabbit/.ssh/id_ed25519: No such file or directory
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    git@10.10.1.66's password: 
    

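    The key information is the line marked by the red box in the screenshot: we did not send a packet, disable method

    This means the public key should have been sent for verification here, but it was not sent, because the method was unavailable.
    • Check the server's security log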
    $ cat /var/log/secure.log
    Jun 16 11:25:30 localhost unix_chkpwd[19109]: password check failed for user (git)
    Jun 16 11:25:30 localhost sshd[19090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.1.42  user=git
    Jun 16 11:25:30 localhost sshd[19090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:25:31 localhost sshd[19090]: Failed password for git from 10.10.1.42 port 61277 ssh2
    Jun 16 11:25:34 localhost unix_chkpwd[19118]: password check failed for user (git)
    Jun 16 11:25:34 localhost sshd[19090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:25:36 localhost sshd[19090]: Failed password for git from 10.10.1.42 port 61277 ssh2
    Jun 16 11:25:39 localhost unix_chkpwd[19130]: password check failed for user (git)
    Jun 16 11:25:39 localhost sshd[19090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:25:41 localhost sshd[19090]: Failed password for git from 10.10.1.42 port 61277 ssh2
    Jun 16 11:25:41 localhost sshd[19090]: Connection closed by 10.10.1.42 port 61277 [preauth]
    Jun 16 11:25:41 localhost sshd[19090]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.1.42  user=git
    Jun 16 11:28:31 localhost polkitd[1626]: Registered Authentication Agent for unix-process:19727:7496911 (system bus name :1.433 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Jun 16 11:28:31 localhost sshd[18107]: Received signal 15; terminating.
    Jun 16 11:28:31 localhost sshd[19734]: Server listening on 0.0.0.0 port 22.
    Jun 16 11:28:31 localhost sshd[19734]: Server listening on :: port 22.
    Jun 16 11:28:31 localhost polkitd[1626]: Unregistered Authentication Agent for unix-process:19727:7496911 (system bus name :1.433, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
    Jun 16 11:30:03 localhost unix_chkpwd[19923]: password check failed for user (git)
    Jun 16 11:30:03 localhost sshd[19898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.1.42  user=git
    Jun 16 11:30:03 localhost sshd[19898]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:30:04 localhost sshd[19898]: Failed password for git from 10.10.1.42 port 61438 ssh2
    Jun 16 11:30:12 localhost unix_chkpwd[19941]: password check failed for user (git)
    Jun 16 11:30:12 localhost sshd[19898]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:30:14 localhost sshd[19898]: Failed password for git from 10.10.1.42 port 61438 ssh2
    Jun 16 11:31:13 localhost unix_chkpwd[20055]: password check failed for user (git)
    Jun 16 11:31:13 localhost sshd[19898]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "git"
    Jun 16 11:31:15 localhost sshd[19898]: Failed password for git from 10.10.1.42 port 61438 ssh2
    Jun 16 11:31:15 localhost sshd[19898]: Connection closed by 10.10.1.42 port 61438 [preauth]
    Jun 16 11:31:15 localhost sshd[19898]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.1.42  user=git
    Jun 16 11:31:52 localhost sshd[20120]: Connection closed by 10.10.1.42 port 61459 [preauth]
    Jun 16 11:35:44 localhost sshd[20590]: Connection closed by 10.10.1.42 port 61561 [preauth]
    Jun 16 11:36:35 localhost sshd[20762]: Connection closed by 10.10.1.42 port 61572 [preauth]
    

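    Nothing useful turned up here either.

    • Check the client and server sshd_config

    So I searched online for similar problems. The suggested fixes fall into two main categories:

    1. The sshd_config settings are wrong.
       PasswordAuthentication yes
       RSAAuthentication yes
    2. The permissions on the ~/.ssh/ directory are wrong.
       chmod 700 ~/.ssh/
       chmod 600 ~/.ssh/*

    I checked the sshd_config on both the client and the server and found that the configuration in use was correct.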

    $ cat /etc/ssh/ssh_config 
    #       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $
    
    # This is the ssh client system-wide configuration file.  See
    # ssh_config(5) for more information.  This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    
    # Configuration data is parsed as follows:
    #  1. command line options
    #  2. user-specific file
    #  3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    
    # Site-wide defaults for some commonly used options.  For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    
    # Host *
    #   ForwardAgent no
    #   ForwardX11 no
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    #   GSSAPIKeyExchange no
    #   GSSAPITrustDNS no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
    #   StrictHostKeyChecking ask
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   IdentityFile ~/.ssh/id_ecdsa
    #   IdentityFile ~/.ssh/id_ed25519
    #   Port 22
    #   Protocol 2
    #   Cipher 3des
    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    #   EscapeChar ~
    #   Tunnel no
    #   TunnelDevice any:any
    #   PermitLocalCommand no
    #   VisualHostKey no
    #   ProxyCommand ssh -q -W %h:%p gateway.example.com
    #   RekeyLimit 1G 1h
    #
    # Uncomment this if you want to use .local domain
    # Host *.local
    #   CheckHostIP no
    
    Host *
            GSSAPIAuthentication yes
    # If this option is set to yes then remote X11 clients will have full access
    # to the original X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
            ForwardX11Trusted yes
    # Send locale-related environment variables
            SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
            SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
            SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
            SendEnv XMODIFIERS
    

    Then I checked the permissions of the ssh directory and found no problem there either.

    ll ~/.ssh/
    总用量 12
    -rw-------. 1 rabbit rabbit 1675 Jan 17 15:56 id_rsa
    -rw-------. 1 rabbit rabbit  405 Jan 17 15:56 id_rsa.pub
    -rw-------. 1 rabbit rabbit 2435 May 25 15:17 known_hosts
    
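    • Server-side sshd debug log

    I found that the investigation had reached a dead end, so I tried starting sshd with debug logging to see whether the result would be any different.

    # Start on the server; 2222 is a test port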
    $ /usr/sbin/sshd -d -p 2222
    debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: private host key #0: ssh-rsa SHA256:4zltEQtVQzMhA9elrRVjOnf1UiMy1GfTC/RGE5H9zCc
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:/YCUybXHjilIaZ3REGjkxKFMvDJljEOmDEVos3wnh9g
    debug1: private host key #2: ssh-ed25519 SHA256:q1lFY4C/f4ZV76bHA0BzaHQay1VFLsWU8YSTD6QISUk
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: rexec_argv[2]='-p'
    debug1: rexec_argv[3]='2222'
    debug1: Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 2222 on 0.0.0.0.
    Server listening on 0.0.0.0 port 2222.
    debug1: Bind to port 2222 on ::.
    Server listening on :: port 2222.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 10.10.1.42 port 62384 on 10.10.1.66 port 2222
    debug1: Client protocol version 2.0; client software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: SELinux support enabled [preauth]
    debug1: permanently_set_uid: 74/74 [preauth]
    debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: algorithm: curve25519-sha256 [preauth]
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
    debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
    debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug1: rekey after 134217728 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: rekey after 134217728 blocks [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user git service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: PAM: initializing for "git"
    debug1: PAM: setting PAM_RHOST to "10.10.1.42"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user git service ssh-connection method publickey [preauth]
    debug1: attempt 1 failures 0 [preauth]
    debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI [preauth]
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: trying public key file /var/opt/gitlab/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: matching key found: file /var/opt/gitlab/.ssh/authorized_keys, line 21 RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: restore_uid: 0/0
    Postponed publickey for git from 10.10.1.42 port 62384 ssh2 [preauth]
    debug1: userauth-request for user git service ssh-connection method publickey [preauth]
    debug1: attempt 2 failures 0 [preauth]
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: trying public key file /var/opt/gitlab/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: matching key found: file /var/opt/gitlab/.ssh/authorized_keys, line 21 RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: restore_uid: 0/0
    debug1: do_pam_account: called
    Accepted publickey for git from 10.10.1.42 port 62384 ssh2: RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: monitor_child_preauth: git has been authenticated by privileged process
    debug1: monitor_read_log: child log fd closed
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
    debug1: restore_uid: 0/0
    debug1: SELinux support enabled
    debug1: PAM: establishing credentials
    User child is on pid 21884
    debug1: PAM: establishing credentials
    debug1: permanently_set_uid: 990/984
    debug1: rekey after 134217728 blocks
    debug1: rekey after 134217728 blocks
    debug1: ssh_packet_set_postauth: called
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    Starting session: forced-command (key-option) '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-21' for git from 10.10.1.42 port 62384 id 0
    debug1: session_new: session 0
    debug1: Received SIGCHLD.
    debug1: session_by_pid: pid 21885
    debug1: session_exit_message: session 0 channel 0 pid 21885
    debug1: session_exit_message: release channel 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_close_by_channel: channel 0 child 0
    Close session: user git from 10.10.1.42 port 62384 id 0
    debug1: channel 0: free: server-session, nchannels 1
    Received disconnect from 10.10.1.42 port 62384:11: disconnected by user
    Disconnected from 10.10.1.42 port 62384
    debug1: do_cleanup
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug1: PAM: closing session
    debug1: PAM: deleting credentials
    
    # Connect from the client
    $ ssh -vvvT git@10.10.1.66 -p 2222
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 58: Applying options for *
    debug2: resolving "10.10.1.66" port 2222
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to 10.10.1.66 [10.10.1.66] port 2222.
    debug1: Connection established.
    debug1: identity file /home/rabbit/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 10.10.1.66:2222 as 'git'
    debug3: put_host_port: [10.10.1.66]:2222
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/YCUybXHjilIaZ3REGjkxKFMvDJljEOmDEVos3wnh9g
    debug3: put_host_port: [10.10.1.66]:2222
    debug3: put_host_port: [10.10.1.66]:2222
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug1: checking without port identifier
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/rabbit/.ssh/known_hosts:6
    debug3: load_hostkeys: loaded 1 keys from 10.10.1.66
    debug1: Host '10.10.1.66' is known and matches the ECDSA host key.
    debug1: Found key in /home/rabbit/.ssh/known_hosts:6
    debug1: found matching key w/out port
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2_MSG_NEWKEYS received
    debug2: set_newkeys: mode 0
    debug1: rekey after 134217728 blocks
    debug2: key: /home/rabbit/.ssh/id_rsa (0x556f0aaca5c0), agent
    debug2: key: /home/rabbit/.ssh/id_dsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ecdsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ed25519 ((nil))
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/rabbit/.ssh/id_rsa
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 60
    debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
    debug2: input_userauth_pk_ok: fp SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug3: sign_and_send_pubkey: RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug3: send packet: type 50
    debug3: receive packet: type 52
    debug1: Authentication succeeded (publickey).
    Authenticated to 10.10.1.66 ([10.10.1.66]:2222).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug3: send packet: type 90
    debug1: Requesting no-more-sessions@openssh.com
    debug3: send packet: type 80
    debug1: Entering interactive session.
    debug1: pledge: network
    debug3: receive packet: type 80
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug3: receive packet: type 4
    debug1: Remote: Forced command.
    debug3: receive packet: type 4
    debug1: Remote: Port forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: X11 forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: Agent forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: PTY allocation disabled.
    debug3: receive packet: type 4
    debug1: Remote: Forced command.
    debug3: receive packet: type 4
    debug1: Remote: Port forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: X11 forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: Agent forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: PTY allocation disabled.
    debug3: receive packet: type 91
    debug2: callback start
    debug2: fd 3 setting TCP_NODELAY
    debug3: ssh_packet_set_tos: set IP_TOS 0x08
    debug2: client_session2_setup: id 0
    debug1: Sending environment.
    debug1: Sending env LC_PAPER = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env XDG_VTNR
    debug3: Ignored env ZOOKEEPER
    debug3: Ignored env XDG_SESSION_ID
    debug3: Ignored env SSH_AGENT_PID
    debug3: Ignored env TERM_PROGRAM
    debug3: Ignored env HOSTNAME
    debug1: Sending env LC_MONETARY = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE_PID
    debug3: Ignored env IMSETTINGS_INTEGRATE_DESKTOP
    debug3: Ignored env XDG_MENU_PREFIX
    debug3: Ignored env TERM
    debug3: Ignored env SHELL
    debug3: Ignored env HISTSIZE
    debug3: Ignored env TERM_PROGRAM_VERSION
    debug3: Ignored env GJS_DEBUG_OUTPUT
    debug1: Sending env LC_NUMERIC = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env ORIGINAL_XDG_CURRENT_DESKTOP
    debug3: Ignored env GJS_DEBUG_TOPICS
    debug3: Ignored env IMSETTINGS_MODULE
    debug3: Ignored env USER
    debug3: Ignored env LS_COLORS
    debug3: Ignored env LD_LIBRARY_PATH
    debug3: Ignored env SSH_AUTH_SOCK
    debug3: Ignored env SESSION_MANAGER
    debug3: Ignored env USERNAME
    debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE
    debug3: Ignored env GNOME_SHELL_SESSION_MODE
    debug3: Ignored env GAEA_CFG_PATH
    debug3: Ignored env MAIL
    debug3: Ignored env DESKTOP_SESSION
    debug3: Ignored env PATH
    debug3: Ignored env GOPROXY
    debug3: Ignored env QT_IM_MODULE
    debug3: Ignored env PWD
    debug3: Ignored env XDG_SESSION_TYPE
    debug1: Sending env XMODIFIERS = @im=ibus
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug1: Sending env LANG = zh_CN.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env GDM_LANG
    debug1: Sending env LC_MEASUREMENT = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env CHROME_DESKTOP
    debug3: Ignored env KAFKA
    debug3: Ignored env GDMSESSION
    debug3: Ignored env RABBIT_CFG_PATH
    debug3: Ignored env HISTCONTROL
    debug3: Ignored env GOSUMDB
    debug3: Ignored env SHLVL
    debug3: Ignored env HOME
    debug3: Ignored env XDG_SEAT
    debug3: Ignored env VSCODE_GIT_ASKPASS_MAIN
    debug3: Ignored env GOROOT
    debug3: Ignored env GNOME_DESKTOP_SESSION_ID
    debug3: Ignored env FABRIC_CFG_PATH
    debug3: Ignored env XDG_SESSION_DESKTOP
    debug3: Ignored env LOGNAME
    debug3: Ignored env VSCODE_GIT_IPC_HANDLE
    debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
    debug3: Ignored env XDG_DATA_DIRS
    debug3: Ignored env PKG_CONFIG_PATH
    debug3: Ignored env GOPATH
    debug3: Ignored env LESSOPEN
    debug3: Ignored env VSCODE_GIT_ASKPASS_NODE
    debug3: Ignored env GIT_ASKPASS
    debug3: Ignored env WINDOWPATH
    debug3: Ignored env DISPLAY
    debug3: Ignored env XDG_RUNTIME_DIR
    debug3: Ignored env XDG_CURRENT_DESKTOP
    debug3: Ignored env NO_AT_BRIDGE
    debug1: Sending env LC_TIME = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env COLORTERM
    debug3: Ignored env XAUTHORITY
    debug3: Ignored env _
    debug2: channel 0: request shell confirm 1
    debug3: send packet: type 98
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 2097152
    debug3: receive packet: type 99
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: shell request accepted on channel 0
    debug2: channel 0: rcvd ext data 483
    Environment:
      LC_PAPER=en_GB.UTF-8
      LC_MONETARY=en_GB.UTF-8
      LC_NUMERIC=en_GB.UTF-8
      XMODIFIERS=@im=ibus
      LANG=zh_CN.UTF-8
      LC_MEASUREMENT=en_GB.UTF-8
      LC_TIME=en_GB.UTF-8
      USER=git
      LOGNAME=git
      HOME=/var/opt/gitlab
      PATH=/usr/local/bin:/usr/bin
      MAIL=/var/mail/git
      SHELL=/bin/sh
      SSH_CLIENT=10.10.1.42 62384 2222
      SSH_CONNECTION=10.10.1.42 62384 10.10.1.66 2222
      SELINUX_ROLE_REQUESTED=
      SELINUX_LEVEL_REQUESTED=
      SELINUX_USE_CURRENT_RANGE=
      XDG_SESSION_ID=144
    debug2: channel 0: written 483 to efd 7
    Welcome to GitLab, @wangff!
    debug3: receive packet: type 96
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug3: receive packet: type 97
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug3: send packet: type 97
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
    
    debug3: send packet: type 1
    Transferred: sent 3152, received 3716 bytes, in 0.5 seconds
    Bytes per second: sent 6072.6, received 7159.2
    debug1: Exit status 0
    

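    The result surprised me: it succeeded?!
    I was starting to get confused, so I tested the original port 22 again. It still failed and prompted for a password!
    So I suspected that the sshd started by systemctl on the server was the problem. I stopped the systemd-managed sshd and started one by hand: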

    $ systemctl stop sshd
    $ /usr/sbin/sshd -d
    debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: private host key #0: ssh-rsa SHA256:4zltEQtVQzMhA9elrRVjOnf1UiMy1GfTC/RGE5H9zCc
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:/YCUybXHjilIaZ3REGjkxKFMvDJljEOmDEVos3wnh9g
    debug1: private host key #2: ssh-ed25519 SHA256:q1lFY4C/f4ZV76bHA0BzaHQay1VFLsWU8YSTD6QISUk
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 10.10.1.42 port 62434 on 10.10.1.66 port 22
    debug1: Client protocol version 2.0; client software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: SELinux support enabled [preauth]
    debug1: permanently_set_uid: 74/74 [preauth]
    debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: algorithm: curve25519-sha256 [preauth]
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
    debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
    debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug1: rekey after 134217728 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: rekey after 134217728 blocks [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user git service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: PAM: initializing for "git"
    debug1: PAM: setting PAM_RHOST to "10.10.1.42"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user git service ssh-connection method publickey [preauth]
    debug1: attempt 1 failures 0 [preauth]
    debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI [preauth]
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: trying public key file /var/opt/gitlab/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: matching key found: file /var/opt/gitlab/.ssh/authorized_keys, line 21 RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: restore_uid: 0/0
    Postponed publickey for git from 10.10.1.42 port 62434 ssh2 [preauth]
    debug1: userauth-request for user git service ssh-connection method publickey [preauth]
    debug1: attempt 2 failures 0 [preauth]
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: trying public key file /var/opt/gitlab/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: matching key found: file /var/opt/gitlab/.ssh/authorized_keys, line 21 RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: restore_uid: 0/0
    debug1: do_pam_account: called
    Accepted publickey for git from 10.10.1.42 port 62434 ssh2: RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug1: monitor_child_preauth: git has been authenticated by privileged process
    debug1: monitor_read_log: child log fd closed
    debug1: temporarily_use_uid: 990/984 (e=0/0)
    debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
    debug1: restore_uid: 0/0
    debug1: SELinux support enabled
    debug1: PAM: establishing credentials
    User child is on pid 22326
    debug1: PAM: establishing credentials
    debug1: permanently_set_uid: 990/984
    debug1: rekey after 134217728 blocks
    debug1: rekey after 134217728 blocks
    debug1: ssh_packet_set_postauth: called
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    Starting session: forced-command (key-option) '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-21' for git from 10.10.1.42 port 62434 id 0
    debug1: session_new: session 0
    debug1: Received SIGCHLD.
    debug1: session_by_pid: pid 22327
    debug1: session_exit_message: session 0 channel 0 pid 22327
    debug1: session_exit_message: release channel 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_close_by_channel: channel 0 child 0
    Close session: user git from 10.10.1.42 port 62434 id 0
    debug1: channel 0: free: server-session, nchannels 1
    Received disconnect from 10.10.1.42 port 62434:11: disconnected by user
    Disconnected from 10.10.1.42 port 62434
    debug1: do_cleanup
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug1: PAM: closing session
    debug1: PAM: deleting credentials
    

    I then connected from the client as usual, and this time it actually worked!

    $ ssh -vvvT git@10.10.1.66 
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 58: Applying options for *
    debug2: resolving "10.10.1.66" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to 10.10.1.66 [10.10.1.66] port 22.
    debug1: Connection established.
    debug1: identity file /home/rabbit/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/rabbit/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 10.10.1.66:22 as 'git'
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/rabbit/.ssh/known_hosts:6
    debug3: load_hostkeys: loaded 1 keys from 10.10.1.66
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/YCUybXHjilIaZ3REGjkxKFMvDJljEOmDEVos3wnh9g
    debug3: hostkeys_foreach: reading file "/home/rabbit/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/rabbit/.ssh/known_hosts:6
    debug3: load_hostkeys: loaded 1 keys from 10.10.1.66
    debug1: Host '10.10.1.66' is known and matches the ECDSA host key.
    debug1: Found key in /home/rabbit/.ssh/known_hosts:6
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2_MSG_NEWKEYS received
    debug2: set_newkeys: mode 0
    debug1: rekey after 134217728 blocks
    debug2: key: /home/rabbit/.ssh/id_rsa (0x55774935ca10), agent
    debug2: key: /home/rabbit/.ssh/id_dsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ecdsa ((nil))
    debug2: key: /home/rabbit/.ssh/id_ed25519 ((nil))
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)
    
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/rabbit/.ssh/id_rsa
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 60
    debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
    debug2: input_userauth_pk_ok: fp SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug3: sign_and_send_pubkey: RSA SHA256:rjvgd1XiRRCNusk32m5nkg2iX+BUhXIHKkJBsq9O6kI
    debug3: send packet: type 50
    debug3: receive packet: type 52
    debug1: Authentication succeeded (publickey).
    Authenticated to 10.10.1.66 ([10.10.1.66]:22).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug3: send packet: type 90
    debug1: Requesting no-more-sessions@openssh.com
    debug3: send packet: type 80
    debug1: Entering interactive session.
    debug1: pledge: network
    debug3: receive packet: type 80
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug3: receive packet: type 4
    debug1: Remote: Forced command.
    debug3: receive packet: type 4
    debug1: Remote: Port forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: X11 forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: Agent forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: PTY allocation disabled.
    debug3: receive packet: type 4
    debug1: Remote: Forced command.
    debug3: receive packet: type 4
    debug1: Remote: Port forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: X11 forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: Agent forwarding disabled.
    debug3: receive packet: type 4
    debug1: Remote: PTY allocation disabled.
    debug3: receive packet: type 91
    debug2: callback start
    debug2: fd 3 setting TCP_NODELAY
    debug3: ssh_packet_set_tos: set IP_TOS 0x08
    debug2: client_session2_setup: id 0
    debug1: Sending environment.
    debug1: Sending env LC_PAPER = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env XDG_VTNR
    debug3: Ignored env ZOOKEEPER
    debug3: Ignored env XDG_SESSION_ID
    debug3: Ignored env SSH_AGENT_PID
    debug3: Ignored env TERM_PROGRAM
    debug3: Ignored env HOSTNAME
    debug1: Sending env LC_MONETARY = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE_PID
    debug3: Ignored env IMSETTINGS_INTEGRATE_DESKTOP
    debug3: Ignored env XDG_MENU_PREFIX
    debug3: Ignored env TERM
    debug3: Ignored env SHELL
    debug3: Ignored env HISTSIZE
    debug3: Ignored env TERM_PROGRAM_VERSION
    debug3: Ignored env GJS_DEBUG_OUTPUT
    debug1: Sending env LC_NUMERIC = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env ORIGINAL_XDG_CURRENT_DESKTOP
    debug3: Ignored env GJS_DEBUG_TOPICS
    debug3: Ignored env IMSETTINGS_MODULE
    debug3: Ignored env USER
    debug3: Ignored env LS_COLORS
    debug3: Ignored env LD_LIBRARY_PATH
    debug3: Ignored env SSH_AUTH_SOCK
    debug3: Ignored env SESSION_MANAGER
    debug3: Ignored env USERNAME
    debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE
    debug3: Ignored env GNOME_SHELL_SESSION_MODE
    debug3: Ignored env GAEA_CFG_PATH
    debug3: Ignored env MAIL
    debug3: Ignored env DESKTOP_SESSION
    debug3: Ignored env PATH
    debug3: Ignored env GOPROXY
    debug3: Ignored env QT_IM_MODULE
    debug3: Ignored env PWD
    debug3: Ignored env XDG_SESSION_TYPE
    debug1: Sending env XMODIFIERS = @im=ibus
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug1: Sending env LANG = zh_CN.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env GDM_LANG
    debug1: Sending env LC_MEASUREMENT = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env CHROME_DESKTOP
    debug3: Ignored env KAFKA
    debug3: Ignored env GDMSESSION
    debug3: Ignored env RABBIT_CFG_PATH
    debug3: Ignored env HISTCONTROL
    debug3: Ignored env GOSUMDB
    debug3: Ignored env SHLVL
    debug3: Ignored env HOME
    debug3: Ignored env XDG_SEAT
    debug3: Ignored env VSCODE_GIT_ASKPASS_MAIN
    debug3: Ignored env GOROOT
    debug3: Ignored env GNOME_DESKTOP_SESSION_ID
    debug3: Ignored env FABRIC_CFG_PATH
    debug3: Ignored env XDG_SESSION_DESKTOP
    debug3: Ignored env LOGNAME
    debug3: Ignored env VSCODE_GIT_IPC_HANDLE
    debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
    debug3: Ignored env XDG_DATA_DIRS
    debug3: Ignored env PKG_CONFIG_PATH
    debug3: Ignored env GOPATH
    debug3: Ignored env LESSOPEN
    debug3: Ignored env VSCODE_GIT_ASKPASS_NODE
    debug3: Ignored env GIT_ASKPASS
    debug3: Ignored env WINDOWPATH
    debug3: Ignored env DISPLAY
    debug3: Ignored env XDG_RUNTIME_DIR
    debug3: Ignored env XDG_CURRENT_DESKTOP
    debug3: Ignored env NO_AT_BRIDGE
    debug1: Sending env LC_TIME = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug3: send packet: type 98
    debug3: Ignored env COLORTERM
    debug3: Ignored env XAUTHORITY
    debug3: Ignored env _
    debug2: channel 0: request shell confirm 1
    debug3: send packet: type 98
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 2097152
    debug3: receive packet: type 99
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: shell request accepted on channel 0
    debug2: channel 0: rcvd ext data 479
    Environment:
      LC_PAPER=en_GB.UTF-8
      LC_MONETARY=en_GB.UTF-8
      LC_NUMERIC=en_GB.UTF-8
      XMODIFIERS=@im=ibus
      LANG=zh_CN.UTF-8
      LC_MEASUREMENT=en_GB.UTF-8
      LC_TIME=en_GB.UTF-8
      USER=git
      LOGNAME=git
      HOME=/var/opt/gitlab
      PATH=/usr/local/bin:/usr/bin
      MAIL=/var/mail/git
      SHELL=/bin/sh
      SSH_CLIENT=10.10.1.42 62434 22
      SSH_CONNECTION=10.10.1.42 62434 10.10.1.66 22
      SELINUX_ROLE_REQUESTED=
      SELINUX_LEVEL_REQUESTED=
      SELINUX_USE_CURRENT_RANGE=
      XDG_SESSION_ID=144
    debug2: channel 0: written 479 to efd 7
    Welcome to GitLab, @wangff!
    debug3: receive packet: type 96
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug3: receive packet: type 97
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug3: send packet: type 97
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
    
    debug3: send packet: type 1
    Transferred: sent 3152, received 3716 bytes, in 0.5 seconds
    Bytes per second: sent 6844.6, received 8069.3
    debug1: Exit status 0
    

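    I repeated the test two or three times and found that the sshd service started with systemctl start sshd really does have the problem, while an sshd started by hand with /usr/sbin/sshd -d does not.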

    • So I checked the sshd.service configuration on the server
    # cat /usr/lib/systemd/system/sshd.service
    [Unit]
    Description=OpenSSH server daemon
    Documentation=man:sshd(8) man:sshd_config(5)
    After=network.target sshd-keygen.service
    Wants=sshd-keygen.service
    
    [Service]
    Type=notify
    EnvironmentFile=/etc/sysconfig/sshd
    ExecStart=/usr/sbin/sshd -D $OPTIONS
    ExecReload=/bin/kill -HUP $MAINPID
    KillMode=process
    Restart=on-failure
    RestartSec=42s
    
    [Install]
    WantedBy=multi-user.target
    
    • It looked fine, so I then searched the whole filesystem for sshd_config
    $ find / -name sshd_config
    find: ‘/proc/22573’: 没有那个文件或目录
    /etc/ssh/sshd_config
    /opt/gitlab/embedded/service/gitlab-rails/ee/spec/fixtures/system_check/sshd_config
    

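    There were only two files, and after comparing them by hand I found that their key contents were identical. At that point I was stumped. A whole morning had already gone by, so I had no choice but to put the investigation on hold and start sshd manually instead.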

    $ nohup /usr/sbin/sshd -D &
    

    I tested the ssh connection again, and it worked.

    $ ssh -T git@10.10.1.66 
    Welcome to GitLab, @wangff!
    

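    All right, that's it for today. This mysterious passwordless sshd connection has beaten me. I'm leaving my mark here as evidence, and I hope I get a chance to come back and see through it someday.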
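The sshd.service unit shown earlier loads EnvironmentFile=/etc/sysconfig/sshd and appends $OPTIONS to ExecStart, and neither applies to a hand-started /usr/sbin/sshd -D. The script below is an added example, not part of the original post, that resolves the command line systemd would actually run so the two launches can be compared. The function names and the sysconfig content are constructed for illustration.

```shell
# Added example: expand ExecStart the way systemd does for unbraced $VAR words,
# to compare the service launch with a manual "/usr/sbin/sshd -D".

# unit_get FILE KEY: value of KEY in the [Service] section of a unit file.
unit_get() {
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# env_get FILE KEY: last assignment of KEY in an EnvironmentFile, quotes removed.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# effective_cmd UNIT [ENVFILE]: ExecStart with each $VAR word replaced by its
# value, split on whitespace; an empty or unset variable yields no argument.
effective_cmd() {
    local envfile word out=""
    envfile=${2:-$(unit_get "$1" EnvironmentFile)}
    envfile=${envfile#-}            # a leading "-" only marks the file optional
    set -f                          # no globbing while word-splitting
    for word in $(unit_get "$1" ExecStart); do
        if [ "${word#\$}" != "$word" ]; then
            if [ -r "$envfile" ]; then word=$(env_get "$envfile" "${word#\$}"); else word=""; fi
        fi
        if [ -n "$word" ]; then out="${out:+$out }$word"; fi
    done
    set +f
    printf '%s\n' "$out"
}

# write_samples DIR: unit lines from the page plus a CONSTRUCTED sysconfig file
# (the post never shows the real /etc/sysconfig/sshd).
write_samples() {
    cat > "$1/sshd.service" <<'EOF'
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
EOF
    printf '%s\n' '# constructed sample' 'OPTIONS="-f /etc/ssh/sshd_config.alt"' > "$1/sysconfig-sshd"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
echo "manual : /usr/sbin/sshd -D"
echo "systemd: $(effective_cmd "$demo_dir/sshd.service" "$demo_dir/sysconfig-sshd")"
rm -rf "$demo_dir"
```

If both command lines come out identical on the real server, OPTIONS is ruled out and the difference lies elsewhere in how the two processes are launched.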
