连接ssh中常见的错误代码

关于连接ssh中常见的错误

ssh -q -p port -i ssh_key -l username server

1. server为空(4106)-(4106)

[qjx@bogon ~]$ ssh -l root
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
	[-D [bind_address:]port] [-e escape_char] [-F configfile]
	[-i identity_file] [-L [bind_address:]port:host:hostport]
	[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
	[-R [bind_address:]port:host:hostport] [-S ctl_path]
	[-W host:port] [-w local_tun[:remote_tun]]
	[user@]hostname [command]

2. 服务器名错误,待测试()-(4098)

		[qjx@bogon ~]$ ssh 1.1.1.1 root
		ssh: connect to host 1.1.1.1 port 22: Connection refused

3. username为空(4106)-(4106)

		[qjx@bogon ~]$ ssh 192.168.80.128 -l
		ssh: option requires an argument -- l
		usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
				   [-D [bind_address:]port] [-e escape_char] [-F configfile]
				   [-i identity_file] [-L [bind_address:]port:host:hostport]
				   [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
				   [-R [bind_address:]port:host:hostport] [-S ctl_path]
				   [-W host:port] [-w local_tun[:remote_tun]]
				   [user@]hostname [command]
  • 如果只输入host,会默认连接哪个用户???

应该是默认连接与自己用户名相同的用户,如果没有则报错

[qjx@bogon ~]$ ssh 192.168.80.128
The authenticity of host '192.168.80.128 (192.168.80.128)' can't be established.
RSA key fingerprint is 61:a2:fd:15:f6:6c:ba:00:7e:91:18:de:ca:ab:de:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.128' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
qjx@192.168.80.128's password: 
Last login: Wed Dec 13 08:59:29 2017 from 192.168.80.1
[qjx@bogon ~]$ 

[user1@bogon root]$ ssh 192.168.80.129 
The authenticity of host '192.168.80.129 (192.168.80.129)' can't be established.
RSA key fingerprint is 7d:bf:48:16:4c:b5:d0:dd:4b:1d:ec:a7:c1:7b:8e:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.129' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [192.168.80.129] failed - POSSIBLE BREAK-IN ATTEMPT!
user1@192.168.80.129's password: 
Permission denied, please try again.
user1@192.168.80.129's password: 
Permission denied, please try again.
user1@192.168.80.129's password: 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[user1@bogon root]$
  • 如果ssh_key不是文件(4107)
ssh -q -o 'RSAAuthentication=no' -o 'PubkeyAuthentication=no' 
	-o 'GSSAPIAuthentication=no' -o 'UserKnownHostsFile=/dev/null' 
	-o 'StrictHostKeyChecking=no' -p port -l username server
	
	-q      静默模式。大多数警告信息将不输出。
	-p port 指定要连接远程主机上哪个端口,也可在全局配置文件中指定。
	-o  http://0001111.iteye.com/blog/1980857

RSAAuthentication    # 是否使用纯的 RSA 认证!?仅针对 version 1 能用

PubkeyAuthentication     # 是否允许 Public Key ,只有 version 2能用

GSSAPIAuthentication        为了让ssh认证速度变快
    
UserKnownHostsFile /dev/null        为了简便,将knownhostfile设为/dev/null,就不保存在known_hosts中了

StrictHostKeyChecking        有三个选项

1.StrictHostKeyChecking=no     #最不安全的级别,当然也没有那么多烦人的提示了,相对安全的内网时建议使用。如果连接server的key在本地不存在,那么就自动添加到文件中(默认是known_hosts),并且给出一个警告。

2.StrictHostKeyChecking=ask  #默认的级别,就是出现刚才的提示了。如果连接和key不匹配,给出提示,并拒绝登录。

3.StrictHostKeyChecking=yes  #最安全的级别,如果连接与key不匹配,就拒绝连接,不会提示详细信息。

LoginGraceTime 600     # 当使用者连上 SSH server 之后,会出现输入密码的画面,  
              # 在该画面中,在多久时间内没有成功连上 SSH server ,  
              # 就断线!时间为秒!

  • 在输入完yes之后,要求在输入yes(4097)
    -----概率很小

  • 连接后出现密码过期的提示(4105)
    -----...

4. 连接后提示输入密码,但是密码输入错误(4099)-(4099)

	[qjx@bogon ~]$ ssh 192.168.80.128 -l root
	reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
	root@192.168.80.128's password: 
	Permission denied, please try again.
	root@192.168.80.128's password: 
	Permission denied, please try again.
	root@192.168.80.128's password: 
	Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    1. 连接后出现(?i)terminal type(4097)

    -----,感觉这里的位置错误出现的几率都特别小

5. 使用了错误的用户名(4099)-(4099)

	[qjx@bogon ~]$ ssh 192.168.80.128 -l qqq
	reverse mapping checking getaddrinfo for bogon [192.168.80.128] failed - POSSIBLE BREAK-IN ATTEMPT!
	qqq@192.168.80.128's password: 
	Permission denied, please try again.
	qqq@192.168.80.128's password: 
	Permission denied, please try again.
	qqq@192.168.80.128's password: 
	Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

6. 没有开放22端口()-(4098)

[qjx@bogon ~]$ ssh 45.77.185.17 -l root
ssh: connect to host 45.77.185.17 port 22: Connection refused

7.登陆ssh后,输入提权密码提权密码错误(4100)-(4100)

 [qjx@bogon ~]$ su
Password: 
su: incorrect password
posted @ 2020-09-01 21:04  dreamOnly  阅读(559)  评论(0编辑  收藏  举报