为了隔离工作和个人环境,一直使用 Fedora 的虚拟机挂在工作相关的目录进行开发。但是每天开着虚拟机太重了,想了想不如直接用 Docker 挂载相关的目录进行开发。在运行了镜像,并将之前使用的 SSH Key 复制到镜像之后,运行 git pull
提示没有权限。
Connection closed by xxx.xxx.xxx.xxx port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
一开始的时候以为是 Key 出现了问题,使用 ssh-keygen
生成新的 Key 之后,还是一样的提示。使用 ssh -T [email protected]
提示连接被远程关闭了。
Connection closed by xxx.xxx.xxx.xxx port 22
使用 ssh -Tv [email protected]
的时候也是提示类似信息。
OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to github.com [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type 3
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6
kex_exchange_identification: Connection closed by remote host
Connection closed by xxx.xxx.xxx.xxx port 22
正常情况下使用 SSH 连接一个新的远程主机的时候,会显示远程主机的指纹信息并提示是否连接,最后根据用户的选择将指纹添加到 known_hosts
文件里。显然,上面的信息显示并没有走到这一步。尝试了将仓库的协议由 SSH
换到 HTTPS
是可以了。因此初步怀疑是 22 端口被拦截了。通过 GitHub.com Help Documentation 的 ~Troubleshooting SSH~找到了一篇文章 Using SSH over the HTTPS port
Host github.com
Hostname ssh.github.com
Port 443
User git
将上述代码添加到 ~/.ssh/config
文件中再次运行 ssh -Tv [email protected]
出现了久违的指纹提醒:
The authenticity of host '[ssh.github.com]:443 ([xxx.xxx.xxx.xxx]:443)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
确认之后出现了认证成功的信息
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
后续的操作一切丝滑。既然确定了是端口的问题,现在要确定是什么原因导致的。
在物理机上找了个仓库试了一下也出现了一样的问题,在检查了防火墙之后也没发现问题。最后把目标定位在了代理上,查看日志发现了 [TCP] 127.0.0.1:65439 --> xxx.xxx.xxx.xxx:22 using GLOBAL
,切换了模式之后一切正常了。原因是代理服务器拒绝了 22 端口。