Estou tentando conectar meu host ubuntu a um laptop fedora via ssh para poder compartilhar arquivos via ethernet. Eu tenho o servidor openssh iniciado no fedora (via service sshd start
) e já executei o comando iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
para permitir conexões ssh de entrada. Além disso, o endereço IPv4 no servidor é definido por ifconfig enp2s0f0 192.168.10.10 netmask 255.255.255.0 up
. Mas sempre que digito ssh -A -Y 192.168.10.10
ou ssh -4 192.168.10.10
; Eu recebo sempre uma mensagem de erro mostrando "ssh: connect to host 192.168.10.10 porta 22: Conexão recusada", mesmo depois de ter o firewall desativado usando service iptables stop
.
iptables -n -L -v
output no fedora mostra:
Chain INPUT (policy ACCEPT 11652 packets, 2859K bytes) pkts bytes
target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes
target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 11759 packets, 1665K bytes) pkts bytes
target prot opt in out source destination
iptables -n -L -v
output no ubuntu mostra:
Chain INPUT (policy ACCEPT 210K packets, 16M bytes) pkts bytes target prot opt source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt source destination
Chain OUTPUT (policy ACCEPT 209K packets, 15M bytes) pkts bytes target prot opt source destination
service sshd status
me dá:
Redirecting to /bin/systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2016-09-26 23:54:59 CET; 2min 49s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 9465 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 9474 (sshd)
CGroup: /system.slice/sshd.service
└─9474 /usr/sbin/sshd
Sep 26 23:54:59 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
Sep 26 23:54:59 localhost.localdomain systemd[1]: sshd.service: PID file /var/run/sshd.pid not readable (yet?) after start: No such file or directory
Sep 26 23:54:59 localhost.localdomain sshd[9474]: Server listening on 0.0.0.0 port 22.
Sep 26 23:54:59 localhost.localdomain sshd[9474]: Server listening on :: port 22.
Sep 26 23:54:59 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Hint: Some lines were ellipsized, use -l to show in full.
a saída de ss --tcp --listening -n -p
é:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",pid=1260,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=9474,fd=3))
LISTEN 0 5 127.0.0.1:631 *:* users:(("cupsd",pid=2021,fd=12))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=9474,fd=4))
LISTEN 0 5 ::1:631 :::* users:(("cupsd",pid=2021,fd=11))
LISTEN 0 2 ::ffff:127.0.0.1:33311 :::* users:(("java",pid=3312,fd=16))
a saída do comando ps -ef|grep sshd
mostra:
root 9474 1 0 Sep26 ? 00:00:00 /usr/sbin/sshd
root 9891 2624 0 00:11 pts/0 00:00:00 grep --color=auto sshd
este é o conteúdo de / etc / ssh / ssh_config:
# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Os logs gerados (máquina fedora) depois de iniciar o sshd são:
Sep 26 21:56:16 localhost.localdomain polkitd[987]: Registered Authentication Agent for unix-process:5657:2312980 (system bus name :1.112 [/usr/bin/pk
Sep 26 21:56:16 localhost.localdomain systemd[1]: Started OpenSSH Server Key Generation.
Sep 26 21:56:16 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
Sep 26 21:56:16 localhost.localdomain sshd[5706]: Server listening on 0.0.0.0 port 22.
Sep 26 21:56:16 localhost.localdomain sshd[5706]: Server listening on :: port 22.
Sep 26 21:56:16 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Sep 26 21:56:16 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ss
Sep 26 21:56:17 localhost.localdomain polkitd[987]: Unregistered Authentication Agent for unix-process:5657:2312980 (system bus name :1.112, object pa
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <warn> (enp2s0f0): DHCPv4 request timed out.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): DHCPv4 state changed unknown -> timeout
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): canceled DHCP transaction, DHCP client pid 5645
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): DHCPv4 state changed timeout -> done
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: ip-config -> failed (reason 'ip-config-unavailabl
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> NetworkManager state is now CONNECTED_LOCAL
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <warn> (enp2s0f0): Activation: failed for connection 'Profile 1'
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: failed -> disconnected (reason 'none') [120 30 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: failed -> disconnected (reason 'none') [120 30 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> connectivity: check for uri 'http://fedoraproject.org/static/hotspot.txt' failed w
Sep 26 21:56:29 localhost.localdomain avahi-daemon[893]: Withdrawing address record for fe80::2289:84ff:fe77:4b2a on enp2s0f0.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> Auto-activating connection 'Profile 1'.
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): Activation: starting connection 'Profile 1' (565f53a4-6355-4307-86f1-2
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> NetworkManager state is now CONNECTING
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: prepare -> config (reason 'none') [40 50 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> (enp2s0f0): device state change: config -> ip-config (reason 'none') [50 70 0]
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> Activation (enp2s0f0) Beginning DHCPv4 transaction (timeout in 45 seconds)
Sep 26 21:56:29 localhost.localdomain NetworkManager[1002]: <info> dhclient started with pid 5924
Sep 26 21:56:29 localhost.localdomain dhclient[5924]: DHCPREQUEST on enp2s0f0 to 255.255.255.255 port 67 (xid=0x9b66907b)
Sep 26 21:56:31 localhost.localdomain avahi-daemon[893]: Registering new address record for fe80::2289:84ff:fe77:4b2a on enp2s0f0.*.
ps -ef | grep sshd
no fedora fornece a seguinte saída:
root 3471 1 0 17:46 ? 00:00:00 /usr/sbin/sshd
root 4164 3105 0 17:59 pts/0 00:00:00 grep --color=auto sshd
executando ip a
dentro do servidor, fornece a seguinte saída:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 20:89:84:77:4b:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.10.10/24 scope global enp2s0f0
valid_lft forever preferred_lft forever
inet6 fe80::2289:84ff:fe77:4b2a/64 scope link
valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:85:56:70:1b:57 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global dynamic wlp3s0
valid_lft 84531sec preferred_lft 84531sec
inet6 fe80::be85:56ff:fe70:1b57/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:73:5a:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:73:5a:6c brd ff:ff:ff:ff:ff:ff
executando route -n
dentro do servidor, fornece a seguinte saída:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0f0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
executando sudo route -n
na máquina cliente do ubuntu, fornece a seguinte saída:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.1 0.0.0.0 UG 100 0 0 enp14s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp14s0
192.168.10.0 0.0.0.0 255.255.255.0 U 100 0 0 enp14s0
ip a
na máquina do cliente:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 70:5a:b6:bf:fc:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.10/24 brd 192.168.10.255 scope global enp14s0
valid_lft forever preferred_lft forever
inet6 fe80::ff27:c6bb:9a72:6d2/64 scope link
valid_lft forever preferred_lft forever
3: wlp20s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 70:f1:a1:69:c4:24 brd ff:ff:ff:ff:ff:ff
ip r
na máquina do cliente:
default via 192.168.10.1 dev enp14s0 proto static metric 100
169.254.0.0/16 dev enp14s0 scope link metric 1000
192.168.10.0/24 dev enp14s0 proto kernel scope link src 192.168.10.10 metric 100
arping -I enp14s0 192.168.10.10
na máquina do cliente, ficou preso em:
ARPING 192.168.10.10 from 192.168.10.10 enp14s0
saída de sudo tcpdump -n -i any port 22
:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:09:28.363302 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [S], seq 506055200, win 43690, options [mss 65495,sackOK,TS val 33913 ecr 0,nop,wscale 7], length 0
01:09:28.363357 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [R.], seq 0, ack 506055201, win 0, length 0
01:09:28.354895 IP 192.168.10.10.58906 > 192.168.10.10.22: Flags [S], seq 2349767060, win 43690, options [mss 65495,sackOK,TS val 34911 ecr 0,nop,wscale 7], length 0
01:09:28.354948 IP 192.168.10.10.22 > 192.168.10.10.58908: Flags [R.], seq 0, ack 2349767061, win 0, length 0
Alguém tem alguma ideia?
Sua ajuda será muito apreciada.