私はローカルLANでネットワーク検索のためにsftp共有を設定しようとしましたが、sshラップトップにsftp接続したときに期待どおりに機能しました。
奇妙なことに、ネットワークスキャナへの接続を確立しようとすると、スキャナのWeb管理ツールに「認証エラー」というエラーメッセージが表示されます。確認後に探す192.168.178.44 ポート 52786 [preauth] によって接続が終了しました。SSHサーバーログに。
ログは鍵交換に関するメッセージでいっぱいなので、クライアントが珍しい鍵タイプを使用していると仮定しますが、その知識は限られています。 sshd_configを編集してサーバー側で接続を有効にする方法はありますか?セキュリティへの影響は何ですか?特に、通常のFTPと比較するとさらにそうです。
私のSSHサーバーの設定はほぼデフォルトです。私はRaspberryPi(192.168.178.100)のポート2022でopensshを実行しています。
journalctl -xeネットワークスキャナ(192.168.178.44、Brother ADS-4300N)から接続しようとしたときの追加ログ:
Aug 29 20:41:42 Nas sshd[6319]: Connection from 192.168.178.44 port 52786 on 192.168.178.100 port 2022 rdomain ""
Aug 29 20:41:42 Nas sshd[6319]: debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Raspbian-5+deb11u1
Aug 29 20:41:42 Nas sshd[6319]: debug1: Remote protocol version 2.0, remote software version libssh2_1.9.0
Aug 29 20:41:42 Nas sshd[6319]: debug1: no match: libssh2_1.9.0
Aug 29 20:41:42 Nas sshd[6319]: debug2: fd 4 setting O_NONBLOCK
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Aug 29 20:41:42 Nas sshd[6319]: debug2: Network child is on pid 6320
Aug 29 20:41:42 Nas sshd[6319]: debug3: preauth child monitor started
Aug 29 20:41:42 Nas sshd[6319]: debug3: privsep user:group 107:65534 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: permanently_set_uid: 107/65534 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 20 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 20 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: local server KEXINIT proposal [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression ctos: none,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression stoc: none,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages ctos: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages stoc: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: first_kex_follows 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: reserved 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: peer client KEXINIT proposal [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: host key algorithms: ssh-rsa [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression ctos: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: compression stoc: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages ctos: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: languages stoc: [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: first_kex_follows 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: reserved 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: algorithm: ecdh-sha2-nistp256 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 30 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_sshkey_sign entering [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_send entering: type 6 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive entering [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_receive entering
Aug 29 20:41:42 Nas sshd[6319]: debug3: monitor_read: checking request 6
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_answer_sign
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_answer_sign: KEX signature 0x152b3b8(399)
Aug 29 20:41:42 Nas sshd[6319]: debug3: mm_request_send entering: type 7
Aug 29 20:41:42 Nas sshd[6319]: debug2: monitor_read: 6 used once, disabling now
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 31 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 21 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: set_newkeys: mode 1 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: rekey out after 4294967296 blocks [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 21 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug2: set_newkeys: mode 0 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: rekey in after 4294967296 blocks [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug1: KEX done [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: receive packet: type 5 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: debug3: send packet: type 6 [preauth]
Aug 29 20:41:42 Nas sshd[6319]: Connection closed by 192.168.178.44 port 52786 [preauth]