转载请注明出处:http://hi.baidu.com/leejun_2005/blog/item/fbc27c4b20e83d3a08f7ef23.html?timeStamp=1309179713928
from:http://hi.baidu.com/tunaisen/blog/item/85e0a41805ed9fb24bedbcf3.html
如果出现ssh: connect to host XX.XX.XX.XX port 22: Connection refused
请按如下步骤检查:
1、目标主机的ssh server端程序是否安装、服务是否启动,是否在侦听22端口;
检查方法:
june@ubuntu:~$ ps -ef|grep sshd
root 2859 1 020:29 ? 00:00:00 /usr/sbin/sshd -D
root 2901 2859 020:31 ? 00:00:00 sshd: june[priv]
june 2971 2901 020:31 ? 00:00:00 sshd:june@pts/1
june@ubuntu:~$
其中/usr/sbin/sshd为ssh clinet/server中server端的守护进程,如果上述结果中没有sshd出现,那么可能就是你的server端程序没有安装(Ubuntu 11.04 默认没有安装ssh server,只安装了ssh client),或者sshd服务没有启动,这两者的解决办法请见下文详述。
2、是否允许该用户登录;
3、本机是否设置了iptables规则,禁止了ssh的连入/连出;
检查方法:
june@ubuntu:~$sudo iptables -L
[sudo] password for june:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
june@ubuntu:~$
4、查查ssh的配置文件
ls -lrt /etc/ssh
针对第一点没有安装ssh server或者没开启sshd的用户,可以参考这篇:
Ubuntu如何开启SSH服务
SSH分客户端openssh-client和openssh-server |
完整过程如下所示:
june@~ 19:57:22>
ssh june@192.168.1.101
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOINGSOMETHING NASTY!
Someone could be eavesdropping on you rightnow (man-in-the-middle attack)!
It is also possible that a host key hasjust been changed.
The fingerprint for the RSA key sent by theremote host is
7f:57:35:cf:23:86:12:cb:e5:51:7a:a3:57:71:15:71.
Please contact your system administrator.
Add correct host key in/home/june/.ssh/known_hosts to get rid of this message.
Offending RSA key in/home/june/.ssh/known_hosts:8
RSA host key for 192.168.1.101 has changedand you have requested strict checking.
Host key verification failed.
june@~ 20:30:55>
june@~ 20:31:36>
rm /home/june/.ssh/known_hosts
june@~ 20:31:46>
ssh june@192.168.1.101
The authenticity of host '192.168.1.101(192.168.1.101)' can't be established.
ECDSA key fingerprint is50:9b:b7:15:c0:57:aa:d6:22:7c:97:40:6e:49:6e:94.
Are you sure you want to continueconnecting (yes/no)? yes
Warning: Permanently added '192.168.1.101'(ECDSA) to the list of known hosts.
june@192.168.1.101's password:
Welcome to Ubuntu 11.04 (GNU/Linux2.6.38-8-generic i686)
*Documentation: https://help.ubuntu.com/
Last login: Sat Jun 25 12:38:24 2011
june@ubuntu:~$
loading