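Enabling the SSH Service on Ubuntu

I had always developed on Windows. Today installing a third-party package failed yet again, and having run out of patience I switched to Ubuntu without hesitation. Installation was simple and enabling the SSH service also went smoothly, but a problem came up when I then tried to connect to it with Xshell.

The warning dialog showed the error "The server sent an unexpected packet. received:3,expected:20", so I might as well walk through the whole process here, from enabling the SSH service to connecting over SSH successfully.

Prerequisites

I am using a VMware virtual machine running Ubuntu 20.04.1 LTS. I won't cover the installation here; the virtual machine needs no special settings and it is done quickly.

Configuring the virtual machine network

Check the current host IP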

# Check the IP; the command is reported as not found
tony@ubuntu:~/Desktop$ ifconfig

Command 'ifconfig' not found, but can be installed with:

sudo apt install net-tools
# Install net-tools, then check the IP again
tony@ubuntu:~/Desktop$ sudo apt install net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 51 not upgraded.
Need to get 196 kB of archives.
After this operation, 864 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu focal/main amd64 net-tools amd64 1.60+git20180626.aebd88e-1ubuntu1 [196 kB]
Fetched 196 kB in 10s (19.8 kB/s)
Selecting previously unselected package net-tools.
(Reading database ... 143430 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb ...
Unpacking net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
Setting up net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
Processing triggers for man-db (2.9.1-1) ...
# Check the IP
tony@ubuntu:~/Desktop$ ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.146.130 netmask 255.255.255.0 broadcast 192.168.146.255
inet6 fe80::e15a:ba4e:3d34:d093 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:c1:25:52 txqueuelen 1000 (Ethernet)
RX packets 428442 bytes 641012262 (641.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 76212 bytes 4832937 (4.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1619 bytes 144115 (144.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1619 bytes 144115 (144.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Here we can see that our IP is 192.168.146.130.

Installing the SSH service

# Install the openssh service
tony@ubuntu:~/Desktop$ sudo apt install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ncurses-term openssh-sftp-server ssh-import-id
Suggested packages:
molly-guard monkeysphere ssh-askpass
The following NEW packages will be installed:
ncurses-term openssh-server openssh-sftp-server ssh-import-id
0 upgraded, 4 newly installed, 0 to remove and 51 not upgraded.
Need to get 688 kB of archives.
After this operation, 6,010 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu focal/main amd64 ncurses-term all 6.2-0ubuntu2 [249 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 openssh-sftp-server amd64 1:8.2p1-4ubuntu0.1 [51.5 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 openssh-server amd64 1:8.2p1-4ubuntu0.1 [377 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal/main amd64 ssh-import-id all 5.10-0ubuntu1 [10.0 kB]
Fetched 688 kB in 6s (117 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ncurses-term.
(Reading database ... 143479 files and directories currently installed.)
Preparing to unpack .../ncurses-term_6.2-0ubuntu2_all.deb ...
Unpacking ncurses-term (6.2-0ubuntu2) ...
Selecting previously unselected package openssh-sftp-server.
Preparing to unpack .../openssh-sftp-server_1%3a8.2p1-4ubuntu0.1_amd64.deb ...
Unpacking openssh-sftp-server (1:8.2p1-4ubuntu0.1) ...
Selecting previously unselected package openssh-server.
Preparing to unpack .../openssh-server_1%3a8.2p1-4ubuntu0.1_amd64.deb ...
Unpacking openssh-server (1:8.2p1-4ubuntu0.1) ...
Selecting previously unselected package ssh-import-id.
Preparing to unpack .../ssh-import-id_5.10-0ubuntu1_all.deb ...
Unpacking ssh-import-id (5.10-0ubuntu1) ...
Setting up openssh-sftp-server (1:8.2p1-4ubuntu0.1) ...
Setting up openssh-server (1:8.2p1-4ubuntu0.1) ...

Creating config file /etc/ssh/sshd_config with new version
Creating SSH2 RSA key; this may take some time ...
3072 SHA256:kqACe+gbHMcR9JkngU+1DbODJZJEswuAwFJOpgIQKcc root@ubuntu (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:1XTWKEQcYj0lD/bVLknF/rCQhF1K+1AAxmagW758zlM root@ubuntu (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:cQdi29OAp1pbdlcwczgYqcA+M/6NOv+VwjnpVsYJcL8 root@ubuntu (ED25519)
Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service.
rescue-ssh.target is a disabled or a static unit, not starting it.
Setting up ssh-import-id (5.10-0ubuntu1) ...
Attempting to convert /etc/ssh/ssh_import_id
Setting up ncurses-term (6.2-0ubuntu2) ...
Processing triggers for systemd (245.4-4ubuntu3.2) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for ufw (0.36-6) ...
# After installation, check the ssh service; it is already running automatically
tony@ubuntu:~/Desktop$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-08-14 16:04:46 CST; 26s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 10580 (sshd)
Tasks: 1 (limit: 2285)
Memory: 1.4M
CGroup: /system.slice/ssh.service
└─10580 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Aug 14 16:04:46 ubuntu systemd[1]: Starting OpenBSD Secure Shell server...
Aug 14 16:04:46 ubuntu sshd[10580]: Server listening on 0.0.0.0 port 22.
Aug 14 16:04:46 ubuntu sshd[10580]: Server listening on :: port 22.
Aug 14 16:04:46 ubuntu systemd[1]: Started OpenBSD Secure Shell server.

If it has not started, you can start it yourself:

sudo /etc/init.d/ssh start

sudo systemctl start ssh

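Opening port 22

Although the firewall can be turned off directly with the command systemctl disable firewalld, doing so is not recommended; the recommended approach is to allow only port 22 through the firewall: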

# If firewalld is not installed, install it
tony@ubuntu:~/Desktop$ sudo apt install firewalld
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ipset libipset13 libnftables1 python3-decorator python3-firewall python3-nftables python3-selinux python3-slip
python3-slip-dbus
The following NEW packages will be installed:
firewalld ipset libipset13 libnftables1 python3-decorator python3-firewall python3-nftables python3-selinux
python3-slip python3-slip-dbus
0 upgraded, 10 newly installed, 0 to remove and 51 not upgraded.
Need to get 945 kB of archives.
After this operation, 5,382 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 libnftables1 amd64 0.9.3-2 [229 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 python3-nftables amd64 0.9.3-2 [11.5 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal/main amd64 python3-decorator all 4.4.2-0ubuntu1 [10.3 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 python3-selinux amd64 3.0-1build2 [139 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 python3-slip all 0.6.5-2 [7,116 B]
Get:6 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 python3-slip-dbus all 0.6.5-2 [8,872 B]
Get:7 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 python3-firewall all 0.8.2-1 [115 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 firewalld all 0.8.2-1 [342 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu focal/main amd64 libipset13 amd64 7.5-1~exp1 [53.4 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu focal/main amd64 ipset amd64 7.5-1~exp1 [29.8 kB]
Fetched 945 kB in 19s (48.7 kB/s)
Selecting previously unselected package libnftables1:amd64.
(Reading database ... 146326 files and directories currently installed.)
Preparing to unpack .../0-libnftables1_0.9.3-2_amd64.deb ...
Unpacking libnftables1:amd64 (0.9.3-2) ...
Selecting previously unselected package python3-nftables.
Preparing to unpack .../1-python3-nftables_0.9.3-2_amd64.deb ...
Unpacking python3-nftables (0.9.3-2) ...
Selecting previously unselected package python3-decorator.
Preparing to unpack .../2-python3-decorator_4.4.2-0ubuntu1_all.deb ...
Unpacking python3-decorator (4.4.2-0ubuntu1) ...
Selecting previously unselected package python3-selinux.
Preparing to unpack .../3-python3-selinux_3.0-1build2_amd64.deb ...
Unpacking python3-selinux (3.0-1build2) ...
Selecting previously unselected package python3-slip.
Preparing to unpack .../4-python3-slip_0.6.5-2_all.deb ...
Unpacking python3-slip (0.6.5-2) ...
Selecting previously unselected package python3-slip-dbus.
Preparing to unpack .../5-python3-slip-dbus_0.6.5-2_all.deb ...
Unpacking python3-slip-dbus (0.6.5-2) ...
Selecting previously unselected package python3-firewall.
Preparing to unpack .../6-python3-firewall_0.8.2-1_all.deb ...
Unpacking python3-firewall (0.8.2-1) ...
Selecting previously unselected package firewalld.
Preparing to unpack .../7-firewalld_0.8.2-1_all.deb ...
Unpacking firewalld (0.8.2-1) ...
Selecting previously unselected package libipset13:amd64.
Preparing to unpack .../8-libipset13_7.5-1~exp1_amd64.deb ...
Unpacking libipset13:amd64 (7.5-1~exp1) ...
Selecting previously unselected package ipset.
Preparing to unpack .../9-ipset_7.5-1~exp1_amd64.deb ...
Unpacking ipset (7.5-1~exp1) ...
Setting up libnftables1:amd64 (0.9.3-2) ...
Setting up python3-decorator (4.4.2-0ubuntu1) ...
Setting up libipset13:amd64 (7.5-1~exp1) ...
Setting up python3-selinux (3.0-1build2) ...
Setting up ipset (7.5-1~exp1) ...
Setting up python3-nftables (0.9.3-2) ...
Setting up python3-slip (0.6.5-2) ...
Setting up python3-slip-dbus (0.6.5-2) ...
Setting up python3-firewall (0.8.2-1) ...
Setting up firewalld (0.8.2-1) ...
update-alternatives: using /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice to provide /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy (org.fedoraproject.FirewallD1.policy) in auto mode
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /lib/systemd/system/firewalld.service.
Processing triggers for systemd (245.4-4ubuntu3.2) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for dbus (1.12.16-2ubuntu2.1) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...
# Allow TCP port 22
tony@ubuntu:~/Desktop$ sudo firewall-cmd --permanent --add-port=22/tcp
success
# Optional: allow the ssh service
tony@ubuntu:~/Desktop$ sudo firewall-cmd --permanent --add-service=ssh
Warning: ALREADY_ENABLED: ssh
success
# Check the firewalld status; it is already active
tony@ubuntu:~/Desktop$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-08-14 16:06:09 CST; 1min 15s ago
Docs: man:firewalld(1)
Main PID: 11920 (firewalld)
Tasks: 2 (limit: 2285)
Memory: 24.7M
CGroup: /system.slice/firewalld.service
└─11920 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Aug 14 16:06:08 ubuntu systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 14 16:06:09 ubuntu systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 14 16:07:02 ubuntu firewalld[11920]: WARNING: ALREADY_ENABLED: ssh
# Restart firewalld; if it is already enabled, this can be skipped
tony@ubuntu:~/Desktop$ sudo systemctl restart firewalld

Verify that port 22 is open:

tony@ubuntu:~/Desktop$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports: 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

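The result shows that port 22 is open.

Remote SSH login

I tried connecting with Xshell here, and it reported "The server sent an unexpected packet. received:3,expected:20". I looked through a lot of material, which said that newer versions of sshd may have compatibility problems with Xshell.

Solution: add the following line at the end of /etc/ssh/sshd_config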

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

After adding the line with vim and saving, I still could not connect; I had forgotten to restart...

# Restart ssh
tony@ubuntu:~/Desktop$ sudo systemctl restart ssh

Connected!!!!!!
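
The KexAlgorithms line added to /etc/ssh/sshd_config above enables diffie-hellman-group14-sha1, a SHA-1 based key exchange, so it is worth checking exactly which algorithms a config turns on. The script below is an added example, not part of the original post; the function names (kex_list, weak_kex, audit_kex, write_sample) and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the KexAlgorithms line
# of an sshd_config file. Function names and the sample file are constructed.

# Print the configured key-exchange algorithms, one per line.
# sshd keywords are case-insensitive and the first occurrence wins.
# Limitation: reads one file only and does not follow Include directives.
kex_list() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }' "$1" | tr ',' '\n'
}

# Print only the algorithms that hash with SHA-1 (names ending in "-sha1").
weak_kex() {
    kex_list "$1" | grep -E -- '-sha1$' || true
}

# Report the result; return 0 when no SHA-1 kex is enabled, 1 otherwise.
audit_kex() {
    _weak=$(weak_kex "$1")
    if [ -z "$_weak" ]; then
        echo "OK: no SHA-1 key exchange enabled in $1"
        return 0
    fi
    echo "WARN: SHA-1 key exchange enabled in $1:"
    echo "$_weak" | sed 's/^/  /'
    return 1
}

# Constructed sample containing the line this page appends to sshd_config.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a complete sshd_config
PasswordAuthentication yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_kex "$sample" || true   # prints the WARN report for the sample
rm -f "$sample"
```

Running `sudo sshd -t` before `sudo systemctl restart ssh` checks the edited file for errors, so a typo in the new line does not stop the service from coming back up.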