银河麒麟 SSH Vscode连接

SSH连接错误:

bash 复制代码
[20:04:32.376] Failed to set up socket for dynamic port forward to remote port 38671: Socket closed. TCP port forwarding may be disabled, or the remote server may have crashed. See the VS Code Server log above for details.
[20:04:32.376] Failed to set up socket for dynamic port forward to remote port 38671: Socket closed. TCP port forwarding may be disabled, or the remote server may have crashed. See the VS Code Server log above for details.
[20:04:32.401] > channel 3: open failed: administratively prohibited: open failed
> channel 4: open failed: administratively prohibited: open failed
[20:04:32.402] ERROR: TCP port forwarding appears to be disabled on the remote host. Ensure that the sshd_config has AllowTcpForwarding yes. Contact your system administrator if needed.

一、 检查 sshd_config 配置文件

bash 复制代码
sudo vi /etc/ssh/sshd_config
1. 以下参数正确设置,并且配置已生效。
bash 复制代码
AllowTcpForwarding yes # 启用端口转发
X11Forwarding yes
PermitTunnel yes
ListenAddress 0.0.0.0
bash 复制代码
# 让 SSH 同时监听端口 22 和 42717
Port 22
Port 42717
bash 复制代码
# PermitOpen none
请确保 PermitOpen 没有限制端口的开放:
你的配置文件中有 PermitOpen none,这会禁用所有端口的转发。
你可以尝试注释掉这行或修改为允许特定端口的转发。
2. 修改配置后,需要重启 SSH 服务,使更改生效:
bash 复制代码
sudo systemctl restart sshd
3. 全部代码为:
bash 复制代码
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 22
Port 42717
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
X11Forwarding yes
AllowTcpForwarding yes
#	PermitTTY no
#	ForceCommand cvs server
# PermitOpen none

二、检查防火墙设置

确保防火墙没有阻止端口转发。可以使用以下命令查看防火墙规则(以 firewalld 为例):

bash 复制代码
sudo firewall-cmd --list-all

如果防火墙阻止了 SSH 或特定端口的流量,你可以打开相应的端口,例

bash 复制代码
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload
1. 添加端口转发规则

如果你需要将特定的端口转发到本地或其他端口,可以使用 --add-forward-port 添加端口转发。例如,如果你要将本地的某个端口转发到远程服务器的端口,可以按如下方式添加:

bash 复制代码
sudo firewall-cmd --add-forward-port=port=42717:proto=tcp:toport=42717 --permanent
sudo firewall-cmd --reload

这将转发本地端口 42717 到远程端口 42717。

2. 启用 masquerading (NAT)

如果你需要使用端口转发或 NAT,建议启用 masquerading(网络地址转换)。这对于某些类型的端口转发是必要的,尤其是当防火墙位于 NAT 路由器或具有多个网络接口的服务器时:

bash 复制代码
sudo firewall-cmd --add-masquerade --permanent
sudo firewall-cmd --reload
3. 确保防火墙允许其他必需端口

如果需要转发其他特定端口(如在 VS Code 中使用的端口),确保它们也被防火墙允许。例如,如果你需要 42717 端口在防火墙中开放,可以添加:

bash 复制代码
sudo firewall-cmd --add-port=42717/tcp --permanent
sudo firewall-cmd --reload
4. 检查防火墙规则是否生效

更改配置后,使用以下命令检查防火墙的当前规则是否正确:

bash 复制代码
sudo firewall-cmd --list-all

总结

根据当前的防火墙配置,ssh 端口(22/tcp)是开放的,但是没有设置端口转发和 masquerading。如果你需要进行端口转发,务必添加相关规则并启用 masquerading,然后重新加载防火墙配置。

确保 AllowTcpForwarding 被启用: 如果防火墙是启用的,可以通过 firewall-cmd 来允许端口 42717 的转发。

例如,启用端口转发:

bash 复制代码
sudo firewall-cmd --zone=public --add-port=42717/tcp --permanent
sudo firewall-cmd --reload

检查端口转发规则是否生效: 使用 ss 或 netstat 确认服务器是否正确监听了所需的端口。

bash 复制代码
sudo ss -tuln | grep 42717

检查防火墙是否有特殊限制: 确认是否有 rich rules 或其他更细粒度的限制,阻止了端口转发。你可以使用以下命令查看详细的 rich rules 配置:

bash 复制代码
sudo firewall-cmd --list-rich-rules
相关推荐
带电的小王9 小时前
VSCode:VSCode安装 -- 最简洁的VSCode安装教程
ide·vscode·编辑器
sg_knight13 小时前
VSCode如何修改默认扩展路径和用户文件夹目录到D盘
前端·ide·vscode·编辑器·web
GPT祖弘14 小时前
【VScode】第三方GPT编程工具-CodeMoss安装教程
ide·vscode·gpt
乐闻x14 小时前
VSCode 插件开发实战(五):实现新语言支持和语法高亮
ide·vscode·编辑器
Dontla14 小时前
vscode怎么设置anaconda python解释器(anaconda解释器、vscode解释器)
ide·vscode·python
乐闻x15 小时前
VSCode 插件开发实战(六):配置自定义状态栏
ide·vscode·编辑器
漫天转悠15 小时前
VScode中配置ESlint+Prettier详细步骤(图文详情)
vscode·vue
张明奇-琦玉15 小时前
vscode添加全局宏定义
ide·vscode·编辑器
Code_流苏15 小时前
VSCode搭建Java开发环境 2024保姆级安装教程(Java环境搭建+VSCode安装+运行测试+背景图设置)
java·ide·vscode·搭建·java开发环境