关于连接ssh中常见的错误
ssh -q -p port -i ssh_key -l username server
1. server为空(4106)-(4106)
[qjx@bogon ~]$ ssh -l root
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
2. 服务器名错误,待测试()-(4098)
[qjx@bogon ~]$ ssh 1.1.1.1 root
ssh: connect to host 1.1.1.1 port 22: Connection refused
3. username为空(4106)-(4106)
[qjx@bogon ~]$ ssh 192.168.80.128 -l
ssh: option requires an argument -- l
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
- 如果只输入host,会默认连接哪个用户???
应该是默认连接与自己用户名相同的用户,如果没有则报错
[qjx@bogon ~]$ ssh 192.168.80.128
The authenticity of host '192.168.80.128 (192.168.80.128)' can't be established.
RSA key fingerprint is 61:a2:fd:15:f6:6c:ba:00:7e:91:18:de:ca:ab:de:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.128' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
qjx@192.168.80.128's password:
Last login: Wed Dec 13 08:59:29 2017 from 192.168.80.1
[qjx@bogon ~]$
[user1@bogon root]$ ssh 192.168.80.129
The authenticity of host '192.168.80.129 (192.168.80.129)' can't be established.
RSA key fingerprint is 7d:bf:48:16:4c:b5:d0:dd:4b:1d:ec:a7:c1:7b:8e:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.129' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [192.168.80.129] failed - POSSIBLE BREAK-IN ATTEMPT!
user1@192.168.80.129's password:
Permission denied, please try again.
user1@192.168.80.129's password:
Permission denied, please try again.
user1@192.168.80.129's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[user1@bogon root]$
- 如果ssh_key不是文件(4107)
ssh -q -o 'RSAAuthentication=no' -o 'PubkeyAuthentication=no'
-o 'GSSAPIAuthentication=no' -o 'UserKnownHostsFile=/dev/null'
-o 'StrictHostKeyChecking=no' -p port -l username server
-q 静默模式。大多数警告信息将不输出。
-p port 指定要连接远程主机上哪个端口,也可在全局配置文件中指定。
-o http://0001111.iteye.com/blog/1980857
RSAAuthentication # 是否使用纯的 RSA 认证!?仅针对 version 1 能用
PubkeyAuthentication # 是否允许 Public Key ,只有 version 2能用
GSSAPIAuthentication 为了让ssh认证速度变快
UserKnownHostsFile /dev/null 为了简便,将knownhostfile设为/dev/null,就不保存在known_hosts中了
StrictHostKeyChecking 有三个选项
1.StrictHostKeyChecking=no #最不安全的级别,当然也没有那么多烦人的提示了,相对安全的内网时建议使用。如果连接server的key在本地不存在,那么就自动添加到文件中(默认是known_hosts),并且给出一个警告。
2.StrictHostKeyChecking=ask #默认的级别,就是出现刚才的提示了。如果连接和key不匹配,给出提示,并拒绝登录。
3.StrictHostKeyChecking=yes #最安全的级别,如果连接与key不匹配,就拒绝连接,不会提示详细信息。
LoginGraceTime 600 # 当使用者连上 SSH server 之后,会出现输入密码的画面,
# 在该画面中,在多久时间内没有成功连上 SSH server ,
# 就断线!时间为秒!
-
在输入完yes之后,要求在输入yes(4097)
-----概率很小 -
连接后出现密码过期的提示(4105)
-----...
4. 连接后提示输入密码,但是密码输入错误(4099)-(4099)
[qjx@bogon ~]$ ssh 192.168.80.128 -l root
reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.80.128's password:
Permission denied, please try again.
root@192.168.80.128's password:
Permission denied, please try again.
root@192.168.80.128's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
-
- 连接后出现(?i)terminal type(4097)
-----,感觉这里的位置错误出现的几率都特别小
5. 使用了错误的用户名(4099)-(4099)
[qjx@bogon ~]$ ssh 192.168.80.128 -l qqq
reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
qqq@192.168.80.128's password:
Permission denied, please try again.
qqq@192.168.80.128's password:
Permission denied, please try again.
qqq@192.168.80.128's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
6. 没有开放22端口()-(4098)
[qjx@bogon ~]$ ssh 45.77.185.17 -l root
ssh: connect to host 45.77.185.17 port 22: Connection refused
7.登陆ssh后,输入提权密码提权密码错误(4100)-(4100)
[qjx@bogon ~]$ su
Password:
su: incorrect password