Case 1: Read from socket failed: Connection reset by peer
(1) Symptom
[root@vm08 ~]# ssh 192.168.10.1
Read from socket failed: Connection reset by peer
(2) Analysis
Restarting the sshd service and checking its status shows the following:
[root@vm08 ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[root@vm08 ~]# service sshd status
Redirecting to /bin/systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-01-01 11:37:45 CST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 15252 (sshd)
CGroup: /system.slice/sshd.service
├─14995 sshd: root@pts/0
├─14997 -bash
├─15252 /usr/sbin/sshd -D
└─15253 /bin/systemctl status sshd.service
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...@@@
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! ... @
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...@@@
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_k...en.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: It is required that your private key files are NO...rs.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: This private key will be ignored.
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: bad permissions: ignore key: /etc/ssh/ssh_host_ed...key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jan 01 11:37:45 paas-rds-database-cd60 sshd[15252]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
The log /var/log/messages contains the following:
Jan 1 11:37:45 localhost sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 1 11:37:45 localhost sshd: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Jan 1 11:37:45 localhost sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 1 11:37:45 localhost sshd: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jan 1 11:37:45 localhost sshd: It is required that your private key files are NOT accessible by others.
Jan 1 11:37:45 localhost sshd: This private key will be ignored.
Jan 1 11:37:45 localhost sshd: bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Jan 1 11:37:45 localhost sshd: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
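(3) Solution
The log shows that the permissions on /etc/ssh/ssh_host_ecdsa_key are too open, and that is what causes the problem. The fix is to tighten the permissions on the key files in the ssh directory and then restart the sshd service.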
chmod 600 /etc/ssh/*key*
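A narrower version of the same fix, as an added example that is not part of the original post: it flags only private host keys that have group or other permission bits set, tightens those to 0600, and leaves the .pub files alone. The function names are hypothetical, and the demo runs on constructed empty files in a scratch directory rather than on /etc/ssh.

```shell
#!/bin/sh
# Added example (not from the original page): function names are hypothetical.
# Assumes GNU find and stat (Linux).

# List private host keys under $1 (default /etc/ssh) that have any group or
# other permission bit set, the condition behind "bad permissions: ignore key".
list_open_host_keys() {
    dir=${1:-/etc/ssh}
    # 'ssh_host_*_key' matches private keys only; the .pub files end in ".pub".
    find "$dir" -maxdepth 1 -type f -name 'ssh_host_*_key' -perm /077 | sort
}

# Tighten only the flagged keys to 0600; succeeds when none remain flagged.
fix_open_host_keys() {
    dir=${1:-/etc/ssh}
    list_open_host_keys "$dir" | while IFS= read -r key; do
        echo "tightening $key (mode was $(stat -c %a "$key"))"
        chmod 600 "$key"
    done
    [ -z "$(list_open_host_keys "$dir")" ]
}

# Demo on constructed empty files in a scratch directory (not real keys).
demo() {
    scratch=$(mktemp -d) || return 1
    for f in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key; do
        : > "$scratch/$f"
    done
    : > "$scratch/ssh_host_ecdsa_key.pub"
    chmod 640 "$scratch/ssh_host_ecdsa_key" "$scratch/ssh_host_ed25519_key"
    chmod 600 "$scratch/ssh_host_rsa_key"
    chmod 644 "$scratch/ssh_host_ecdsa_key.pub"
    fix_open_host_keys "$scratch"
    rc=$?
    rm -rf "$scratch"
    return $rc
}

demo
```

On a real host, run fix_open_host_keys as root with no argument, then use sshd -t to confirm the keys load before restarting sshd.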
(4) Other
The following situations may also occur:
(1) The key files under /etc/ssh do not exist. The fix is to regenerate them:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
Case 2: ssh_exchange_identification: read: Connection reset by peer
[To be added]