SSH connection fails, but the server responds to ping
Problem description
Ping succeeds, but ssh fails with "Connection reset by peer"
[root@yl-web ~]# ssh [email protected]
ssh_exchange_identification: read: Connection reset by peer
[root@yl-web ~]# ping 10.1.101.35
PING 10.1.101.35 (10.1.101.35) 56(84) bytes of data.
64 bytes from 10.1.101.35: icmp_seq=1 ttl=64 time=0.587 ms
64 bytes from 10.1.101.35: icmp_seq=2 ttl=64 time=0.722 ms
64 bytes from 10.1.101.35: icmp_seq=3 ttl=64 time=0.475 ms
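Troubleshooting
1. Determine whether the problem is on the client itself
Run ssh -v with the server's IP in a terminal. If output like the following appears (the TCP connection is established and the reset arrives only after the client has sent its version string), the client is working normally and the problem lies mainly on the server side.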
[root@yl-web ~]# ssh -v [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 10.1.101.35 [10.1.101.35] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
ssh_exchange_identification: read: Connection reset by peer
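2. Server-side troubleshooting
Given the earlier error, "Connection reset by peer", it is very likely that the client IP has been blocked by the server.
Open the file with vi /etc/hosts.allow; the last line shows
sshd: IP range 1,IP range 2,...
This means someone has already set up access control on the server. Simply append your own IP address or address range to the end of the sshd line.
Then restart sshd
# service sshd restart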
3. Error after reconfiguring the server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:b226rUj4dIMPdvutGRAVuPd3ZwQiCS13ab3RPl+pKO8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 10.1.101.35
ECDSA host key for 39.116.118.163 has changed and you have requested strict checking.
Host key verification failed.
lost connection
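Cause: the new key has to be fetched again. When ssh connects to a server it has connected to before, it has by default saved that IP's host key in known_hosts, and on each later connection to that IP it automatically compares the server against the saved entry. Because our server was changed (for example, the operating system was reinstalled), the locally saved ssh information is no longer valid, so the error above appears on the next connection.
Solution: run this command in the terminal: ssh-keygen -R IP-address
Note that the R is uppercase, not lowercase. The command removes the cached entry and public key for the remote server from your current machine.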
root@user-70DGA014CN:/var/lib/redis_7021# ssh-keygen -R 10.1.101.35
# Host 10.1.101.35 found: line 1
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
root@user-70DGA014CN:/var/lib/redis_7021# scp -r 7021dump_20191217.rdb [email protected]:/home/chenxinming/rdb/
The authenticity of host '10.1.101.35 (10.1.101.35)' can't be established.
ECDSA key fingerprint is SHA256:b226r123123Uj42dIMPd432vutGRAVuuPd3ZwQiCcS13ab3RPl+pKO8.
Are you sure you want to continue connecting (yes/no)?
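Before answering yes at this prompt, the offered key can be checked against a fingerprint read on the server itself, for example with ssh-keygen -lf on its host public key file from the console. The following is an added example, not part of the original post: it computes the SHA256 fingerprint of ssh-keyscan style lines and keeps only those that match the trusted value. The function names are hypothetical and the sample key blobs are constructed, not real host keys.

```python
import base64
import hashlib

def sha256_fingerprint(key_line):
    """OpenSSH-style SHA256 fingerprint of one known_hosts / ssh-keyscan line."""
    fields = key_line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected '<host> <keytype> <base64 key>'")
    blob = base64.b64decode(fields[2], validate=True)
    digest = hashlib.sha256(blob).digest()
    # ssh prints the digest as base64 with the '=' padding removed
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def key_matches(key_line, trusted_fingerprint):
    """True if the offered key hashes to the fingerprint obtained out-of-band."""
    # ssh's warning text ends the fingerprint with a '.', so tolerate a pasted one
    return sha256_fingerprint(key_line) == trusted_fingerprint.strip().rstrip(".")

def trusted_lines(scan_output, trusted_fingerprint):
    """Keep only scanned key lines that match the trusted fingerprint."""
    good = []
    for line in scan_output.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            if key_matches(line, trusted_fingerprint):
                good.append(line)
        except ValueError:
            continue   # malformed line or invalid base64: never trusted
    return good

# Constructed sample: the key blobs are the bytes "abc" and "abd", not real host keys.
SAMPLE_SCAN = """# 10.1.101.35:22 SSH-2.0-OpenSSH_6.6.1
10.1.101.35 ecdsa-sha2-nistp256 YWJj
10.1.101.35 ssh-ed25519 YWJk
"""
TRUSTED = "SHA256:ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0"

if __name__ == "__main__":
    for entry in trusted_lines(SAMPLE_SCAN, TRUSTED):
        print("verified, safe to append to known_hosts:", entry)
```

If no line matches the trusted fingerprint, the key change is unexplained and the old known_hosts entry should stay in place until it is.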
References:
https://www.cnblogs.com/starof/p/4709805.html
http://www.chenxm.cc/article/980.html