어떤 이유로 내 IP 주소는 ssh 또는 sftp 사용이 금지되었습니다. 다른 IP를 사용하여 서버에 연결하는 데 문제가 없으며 내 IP로 다른 모든 서비스(예: http, teampeak)에 연결하는 데 문제가 없습니다.
결과 없이 iptables를 검색했으며 허용되도록 내 IP를 추가했습니다.
Chain num pkts bytes target prot opt in out source destination
ALLOWIN 1 88230 4544K ACCEPT all -- !lo * my.ip.here 0.0.0.0/0
ALLOWOUT 1 88514 11M ACCEPT all -- * !lo 0.0.0.0/0 my.ip.here
또한: 내 IP를 "alloweduser"로 추가했습니다.[이메일 보호됨]sshd_config에서 Hosts.allowed에 내 IP를 추가했습니다. Host.deny에 나열되지 않습니다. 호스트 이름 대신 IP에 연결을 시도했습니다. 재부팅되었습니다. Google 데이터 센터의 절반을 다운로드했습니다. (말의 형태) ... 그리고 기타 등등.
그래도 서버가 예기치 않게 네트워크 연결을 닫았다는 오류가 발생합니다.
내 IP 주소는 반영구적이므로 내 IP로 연결할 수 없는 이유를 알 수 없어서 상당히 짜증나고 답답합니다. SSH 또는 SFTP를 통해 이 서버에 연결할 수 있는 유일한 방법은 다른 서버를 사용하여 연결하거나 팀뷰어를 통해 다른 사람의 PC를 빌리는 것입니다.
편집: IP가 차단되지 않은 것 같습니다. 다른 컴퓨터를 사용하여 동일한 IP를 사용하여 연결할 수 있습니다.
더 많은 아이디어가 있나요? :에스
편집: 요청 시 추가됨:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !lo * 213.186.33.99 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 213.186.33.99 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 213.186.33.99 0.0.0.0/0 tcp spt:53
996 88927 ACCEPT udp -- !lo * 213.186.33.99 0.0.0.0/0 udp spt:53
14M 1554M LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
3036K 248M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3306K 604M INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
14M 1527M ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
959 50296 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
418 24660 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
120 6800 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
1 40 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
259K 14M ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:143
73 3780 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:465
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2008
712 42720 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
3 120 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:3306
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9987
610 36600 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:10011
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:22
8 895 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:2008
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:3306
3324 358K ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:9987
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:10011
62941 2076K ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
1 56 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 11
22 3539 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 3
17689 933K LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 213.186.33.99 tcp dpt:53
1016 72259 ACCEPT udp -- * !lo 0.0.0.0/0 213.186.33.99 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 213.186.33.99 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 213.186.33.99 udp spt:53
21M 6176M LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
131 8015 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
31705 2660K ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
3 132 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
8 493 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
3036K 248M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3014K 4013M INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
21M 6156M ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
639 38340 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
7762 466K ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:113
5 300 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
24 1440 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2008
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:3306
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9987
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:10011
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:22
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:113
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:123
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:2008
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:3306
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:9987
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:10011
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 8
3 1728 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 3
9507 1599K LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
pkts bytes target prot opt in out source destination
169K 8151K ACCEPT all -- !lo * my.ip.is.here 0.0.0.0/0
Chain ALLOWOUT (1 references)
pkts bytes target prot opt in out source destination
169K 16M ACCEPT all -- * !lo 0.0.0.0/0 my.ip.is.here
Chain DENYIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- !lo * 119.27.26.112 0.0.0.0/0
0 0 DROP all -- !lo * 93.146.193.237 0.0.0.0/0
1 60 DROP all -- !lo * 182.100.67.115 0.0.0.0/0
0 0 DROP all -- !lo * 80.179.145.180 0.0.0.0/0
0 0 DROP all -- !lo * 182.100.67.102 0.0.0.0/0
19 1128 DROP all -- !lo * 200.161.210.250 0.0.0.0/0
456 27360 DROP all -- !lo * 80.82.65.61 0.0.0.0/0
11 740 DROP all -- !lo * 218.87.111.108 0.0.0.0/0
21 1604 DROP all -- !lo * 43.255.188.162 0.0.0.0/0
13 956 DROP all -- !lo * 182.100.67.114 0.0.0.0/0
81 3888 DROP all -- !lo * 59.92.245.31 0.0.0.0/0
606 29128 DROP all -- !lo * 180.214.233.74 0.0.0.0/0
16 1128 DROP all -- !lo * 58.218.211.166 0.0.0.0/0
19 1396 DROP all -- !lo * 218.65.30.73 0.0.0.0/0
Chain DENYOUT (1 references)
pkts bytes target prot opt in out source destination
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 119.27.26.112
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 93.146.193.237
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.115
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 80.179.145.180
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.102
18 1293 LOGDROPOUT all -- * !lo 0.0.0.0/0 200.161.210.250
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 80.82.65.61
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 218.87.111.108
11 1496 LOGDROPOUT all -- * !lo 0.0.0.0/0 43.255.188.162
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.114
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 59.92.245.31
15 1065 LOGDROPOUT all -- * !lo 0.0.0.0/0 180.214.233.74
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 58.218.211.166
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 218.65.30.73
Chain INVALID (2 references)
pkts bytes target prot opt in out source destination
17270 1031K INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
705 240K INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
Chain INVDROP (10 references)
pkts bytes target prot opt in out source destination
17975 1271K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
pkts bytes target prot opt in out source destination
14M 1554M ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
14M 1546M DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
pkts bytes target prot opt in out source destination
21M 6176M ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
21M 6161M DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
96 33108 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
7 547 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
1 52 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
13095 662K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
297 23542 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
17585 899K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (15 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
7110 1173K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
9591 1608K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"클라이언트에서 ssh -v 서버의 출력"이 무엇을 의미하는지 잘 모르겠습니다. 제가 사용하고 있는 클라이언트는 Winscp와 Putty입니다. 먼저 연결할 수 있어야 합니다!?
정확히 어디에서 "서버의 tcpdump"가 확실하지 않습니까?
편집하다:
이 PC에서 연결을 시도할 때 /var/log/secure에 표시됩니다. May 22 19:31:21 Whiskey sshd[27252]: fatal: 일치하는 mac이 없습니다: client hmac-sha1,hmac-sha1- 96,hmac-md5 서버 hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
해결됨: Putty를 0.62에서 0.64로, Winscp를 5.1.5에서 5.7.3으로 업데이트했는데 모든 것이 다시 작동합니다. 처음에는 왜 그들과 연결할 수 있었는지 잘 모르겠는데, 서버에 잠시 있다가 갑자기 더 이상 연결할 수 없었습니다...