针对通过 SSH 连接到 Azure Linux VM 时发生的失败、错误或被拒绝问题进行故障排除Troubleshoot SSH connections to an Azure Linux VM that fails, errors out, or is refused

尝试连接到 Linux 虚拟机 (VM) 时,可能会由于安全外壳 (SSH) 错误、SSH 连接失败或 SSH 被拒绝而发生问题,本文可帮助你查找并更正这些问题。This article helps you find and correct the problems that occur due to Secure Shell (SSH) errors, SSH connection failures, or SSH is refused when you try to connect to a Linux virtual machine (VM). 可以使用 Azure 门户、Azure CLI 或适用于 Linux 的 VM 访问扩展来排查和解决连接问题。You can use the Azure portal, Azure CLI, or VM Access Extension for Linux to troubleshoot and resolve connection problems.

如果对本文中的任何观点存在疑问,可以联系 Azure 支持上的 Azure 专家。If you need more help at any point in this article, you can contact the Azure experts on Azure support. 或者,也可以提出 Azure 支持事件。Alternatively, you can file an Azure support incident. 请转到 Azure 支持站点提交请求。Go to the Azure support site and submit your request. 有关使用 Azure 支持的信息,请阅读 Azure 支持常见问题For information about using Azure Support, read the Azure support FAQ.

快速故障排除步骤Quick troubleshooting steps

执行每个故障排除步骤后,请尝试重新连接到 VM。After each troubleshooting step, try reconnecting to the VM.

  1. 重置 SSH 配置Reset the SSH configuration.
  2. 重置用户的凭据Reset the credentials for the user.
  3. 验证网络安全组规则是否允许 SSH 流量。Verify the network security group rules permit SSH traffic.
    • 确保有一条网络安全组规则允许 SSH 流量(默认为 TCP 端口 22)。Ensure that a Network Security Group rule exists to permit SSH traffic (by default, TCP port 22).
    • 在不使用 Azure 负载均衡器的情况下无法使用端口重定向/映射。You cannot use port redirection / mapping without using an Azure load balancer.
  4. 查看 VM 资源运行状况Check the VM resource health.
    • 确保 VM 报告为正常。Ensure that the VM reports as being healthy.
    • 如果已启用启动诊断,请验证 VM 是否在日志中报告了启动错误。If you have boot diagnostics enabled, verify the VM is not reporting boot errors in the logs.
  5. 重启 VMRestart the VM.
  6. 重新部署 VMRedeploy the VM.

继续阅读余下的内容,获取更详细的故障排除步骤和说明。Continue reading for more detailed troubleshooting steps and explanations.

排查 SSH 连接问题的可用方法Available methods to troubleshoot SSH connection issues

可以使用以下方法之一重置凭据或 SSH 配置:You can reset credentials or SSH configuration using one of the following methods:

  • Azure 门户 - 如果需要快速重置 SSH 配置或 SSH 密钥,并且没有安装 Azure 工具,则很适合使用此方法。Azure portal - great if you need to quickly reset the SSH configuration or SSH key and you don't have the Azure tools installed.

  • Azure CLI - 如果已打开命令行,则可以快速重置 SSH 配置或凭据。Azure CLI - if you are already on the command line, quickly reset the SSH configuration or credentials. 如果要处理经典 VM,则可以使用 Azure 经典 CLIIf you are working with a classic VM, you can use the Azure classic CLI.

  • Azure VMAccessForLinux 扩展 - 创建和重复使用 json 定义文件来重置 SSH 配置或用户凭据。Azure VMAccessForLinux extension - create and reuse json definition files to reset the SSH configuration or user credentials.

在执行每个故障排除步骤之后,请尝试再次连接到 VM。After each troubleshooting step, try connecting to your VM again. 如果仍然无法连接,请尝试下一步。If you still cannot connect, try the next step.

使用 Azure 门户Use the Azure portal

在 Azure 门户中,可以快速重置 SSH 配置或用户凭据,无需在本地计算机上安装任何工具。The Azure portal provides a quick way to reset the SSH configuration or user credentials without installing any tools on your local computer.

若要开始,请在 Azure 门户中选择你的 VM。To begin, select your VM in the Azure portal. 向下滚动到“支持 + 故障排除”部分并选择“重置密码”,如以下示例中所示 :Scroll down to the Support + Troubleshooting section and select Reset password as in the following example:

在 Azure 门户中重置 SSH 配置或凭据

重置 SSH 配置Reset the SSH configuration

若要重置 SSH 配置,请如上面的屏幕截图所示在“模式” 部分中选择“Reset configuration only”,然后选择“更新” 。To reset the SSH configuration, select Reset configuration only in the Mode section as in the preceding screenshot, then select Update . 完成此操作后,再次尝试访问 VM。Once this action has completed, try to access your VM again.

重置用户的 SSH 凭据Reset SSH credentials for a user

若要重置现有用户的凭据,请在“模式” 部分中选择“Reset SSH public key”或“Reset password”,如上面的屏幕截图中所示。To reset the credentials of an existing user, select either Reset SSH public key or Reset password in the Mode section as in the preceding screenshot. 指定用户名和 SSH 密钥或新密码,然后选择“更新” 。Specify the username and an SSH key or new password, then select Update .

还可以通过此菜单在 VM 上创建具有 sudo 权限的用户。You can also create a user with sudo privileges on the VM from this menu. 输入新用户名和关联的密码或 SSH 密钥,然后选择“更新” 。Enter a new username and associated password or SSH key, and then select Update .

检查安全规则Check security rules

使用 IP 流验证来确认网络安全组中的规则是否阻止了传入或传出虚拟机的流量。Use IP flow verify to confirm if a rule in a network security group is blocking traffic to or from a virtual machine. 还可以查看有效的安全组规则,确保入站“允许”NSG 规则存在并已针对 SSH 端口(默认值 22)进行优化。You can also review effective security group rules to ensure inbound "Allow" NSG rule exists and is prioritized for SSH port (default 22). 有关详细信息,请参阅使用有效的安全规则排查 VM 流量流问题For more information, see Using effective security rules to troubleshoot VM traffic flow.

检查路由Check routing

使用网络观察程序的下一跃点功能确认路由未阻止将流量路由到虚拟机或从虚拟机路由流量。Use Network Watcher's Next hop capability to confirm that a route isn't preventing traffic from being routed to or from a virtual machine. 还可以查看有效路由,以了解网络接口的所有有效路由。You can also review effective routes to see all effective routes for a network interface. 有关详细信息,请参阅使用有效路由排查 VM 流量流问题For more information, see Using effective routes to troubleshoot VM traffic flow.

使用 Azure CLIUse the Azure CLI

安装最新的 Azure CLI 并使用 az login 登录到 Azure 帐户(如果尚未这样做)。If you haven't already, install the latest Azure CLI and sign in to an Azure account using az login.

备注

请先运行 az cloud set -n AzureChinaCloud 更改云环境,然后才能在 Azure 中国中使用 Azure CLI。Before you can use Azure CLI in Azure China , please run az cloud set -n AzureChinaCloud first to change the cloud environment. 若要切换回 Azure 公有云,请再次运行 az cloud set -n AzureCloudIf you want to switch back to Azure Public Cloud, run az cloud set -n AzureCloud again.

如果创建并上传了自定义 Linux 磁盘映像,请确保已安装 Azure Linux 代理 2.0.5 或更高版本。If you created and uploaded a custom Linux disk image, make sure the Azure Linux Agent version 2.0.5 or later is installed. 在使用库映像创建的 VM 上,系统已自动安装并配置了此访问扩展。For VMs created using Gallery images, this access extension is already installed and configured for you.

重置 SSH 配置Reset SSH configuration

最初可尝试将 SSH 配置重置为默认值,然后重新启动 VM 上的 SSH 服务器。You can initially try resetting the SSH configuration to default values and rebooting the SSH server on the VM. 这不会更改用户帐户名、密码或 SSH 密钥。This does not change the user account name, password, or SSH keys. 以下示例使用 az vm user reset-ssh,在 myResourceGroup 中名为 myVM 的 VM 上重置 SSH 配置。The following example uses az vm user reset-ssh to reset the SSH configuration on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm user reset-ssh --resource-group myResourceGroup --name myVM

重置用户的 SSH 凭据Reset SSH credentials for a user

以下示例使用 az vm user update,在 myResourceGroup 中名为 myVM 的 VM 上, 将 myUsername 的凭据重置为 myPassword 中指定的值。The following example uses az vm user update to reset the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm user update --resource-group myResourceGroup --name myVM \
     --username myUsername --password myPassword

如果使用 SSH 密钥身份验证,可以重置给定用户的 SSH 密钥。If using SSH key authentication, you can reset the SSH key for a given user. 以下示例在 myResourceGroup 中名为 myVM 的 VM 上,使用 az vm access set-linux-user 更新存储在 ~/.ssh/id_rsa.pub 中的用户名为 myUsername 的 SSH 密钥。The following example uses az vm access set-linux-user to update the SSH key stored in ~/.ssh/id_rsa.pub for the user named myUsername, on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm user update --resource-group myResourceGroup --name myVM \
    --username myUsername --ssh-key-value ~/.ssh/id_rsa.pub

使用 VMAccess 扩展Use the VMAccess extension

适用于 Linux 的 VM 访问扩展可以读入用于定义待执行操作的 json 文件。这些操作包括重置 SSHD、重置 SSH 密钥或添加用户。The VM Access Extension for Linux reads in a json file that defines actions to carry out. These actions include resetting SSHD, resetting an SSH key, or adding a user. 仍要使用 Azure CLI 调用 VMAccess 扩展,但可以根据需要在多个 VM 上重复使用该 json 文件。You still use the Azure CLI to call the VMAccess extension, but you can reuse the json files across multiple VMs if desired. 使用这种方法可以创建 json 文件存储库,然后,可以在给定的方案中调用这些文件。This approach allows you to create a repository of json files that can then be called for given scenarios.

重置 SSHDReset SSHD

创建包含以下内容的名为 settings.json 的文件:Create a file named settings.json with the following content:

{
    "reset_ssh":True
}

使用 Azure CLI,并调用 VMAccessForLinux 扩展并指定 json 文件来重置 SSHD 连接。Using the Azure CLI, you then call the VMAccessForLinux extension to reset your SSHD connection by specifying your json file. 以下示例使用 az vm extension set,在 myResourceGroup 中名为 myVM 的 VM 上重置 SSHD。The following example uses az vm extension set to reset SSHD on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm extension set --resource-group philmea --vm-name Ubuntu \
    --name VMAccessForLinux --publisher Microsoft.OSTCExtensions --version 1.2 --settings settings.json

重置用户的 SSH 凭据Reset SSH credentials for a user

如果 SSHD 看上去运行正常,可以重置给定用户的凭据。If SSHD appears to function correctly, you can reset the credentials for a giver user. 若要重置用户的密码,请创建名为 settings.json 的文件。To reset the password for a user, create a file named settings.json. 以下示例将 myUsername 的凭据重置为 myPassword 中指定的值。The following example resets the credentials for myUsername to the value specified in myPassword. settings.json 文件中使用自己的值输入以下行:Enter the following lines into your settings.json file, using your own values:

{
    "username":"myUsername", "password":"myPassword"
}

若要重置用户的 SSH 密钥,请先创建名为 settings.json 的文件。Or to reset the SSH key for a user, first create a file named settings.json. 以下示例在 myResourceGroup 中名为 myVM 的 VM 上,将 myUsername 的凭据重置为 myPassword 中指定的值。The following example resets the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. settings.json 文件中使用自己的值输入以下行:Enter the following lines into your settings.json file, using your own values:

{
    "username":"myUsername", "ssh_key":"mySSHKey"
}

创建 json 文件之后,使用 Azure CLI 调用 VMAccessForLinux 扩展并指定 json 文件来重置 SSH 用户凭据。After creating your json file, use the Azure CLI to call the VMAccessForLinux extension to reset your SSH user credentials by specifying your json file. 以下示例重置 myResourceGroup 中名为 myVM 的 VM 上的凭据。The following example resets credentials on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm extension set --resource-group philmea --vm-name Ubuntu \
    --name VMAccessForLinux --publisher Microsoft.OSTCExtensions --version 1.2 --settings settings.json

使用 Azure 经典 CLIUse the Azure classic CLI

安装 Azure 经典 CLI 并连接到 Azure 订阅(如果尚未这样做)。If you haven't already, install the Azure classic CLI and connect to your Azure subscription. 确保按如下所示使用 Resource Manager 模式:Make sure that you are using Resource Manager mode as follows:

azure config mode arm

如果创建并上传了自定义 Linux 磁盘映像,请确保已安装 Azure Linux 代理 2.0.5 或更高版本。If you created and uploaded a custom Linux disk image, make sure the Azure Linux Agent version 2.0.5 or later is installed. 在使用库映像创建的 VM 上,系统已自动安装并配置了此访问扩展。For VMs created using Gallery images, this access extension is already installed and configured for you.

重置 SSH 配置Reset SSH configuration

SSHD 配置本身可能有误或服务遇到错误。The SSHD configuration itself may be misconfigured or the service encountered an error. 可以重置 SSHD 以确保 SSH 配置本身是有效的。You can reset SSHD to make sure the SSH configuration itself is valid. 要执行的第一个故障排除步骤应该是重置 SSHD。Resetting SSHD should be the first troubleshooting step you take.

以下示例重置 myResourceGroup 资源组中名为 myVM 的 VM 上的 SSHD。The following example resets SSHD on a VM named myVM in the resource group named myResourceGroup. 请使用自己的 VM 和资源组名称,如下所示:Use your own VM and resource group names as follows:

azure vm reset-access --resource-group myResourceGroup --name myVM \
    --reset-ssh

重置用户的 SSH 凭据Reset SSH credentials for a user

如果 SSHD 看上去运行正常,可以重置给定用户的密码。If SSHD appears to function correctly, you can reset the password for a giver user. 以下示例在 myResourceGroup 中名为 myVM 的 VM 上,将 myUsername 的凭据重置为 myPassword 中指定的值。The following example resets the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

azure vm reset-access --resource-group myResourceGroup --name myVM \
     --user-name myUsername --password myPassword

如果使用 SSH 密钥身份验证,可以重置给定用户的 SSH 密钥。If using SSH key authentication, you can reset the SSH key for a given user. 以下示例在 myResourceGroup 中名为 myVM 的 VM 上,更新 ~/.ssh/id_rsa.pub 中为用户 myUsername 存储的 SSH 密钥。The following example updates the SSH key stored in ~/.ssh/id_rsa.pub for the user named myUsername, on the VM named myVM in myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

azure vm reset-access --resource-group myResourceGroup --name myVM \
    --user-name myUsername --ssh-key-file ~/.ssh/id_rsa.pub

重启 VMRestart a VM

如果已重置 SSH 配置和用户凭据,或者在执行此操作期间遇到错误,可以尝试重新启动 VM 来解决基本的计算问题。If you have reset the SSH configuration and user credentials, or encountered an error in doing so, you can try restarting the VM to address underlying compute issues.

Azure 门户Azure portal

若要使用 Azure 门户重启 VM,请选择你的 VM,然后单击“重启” ,如以下示例中所示:To restart a VM using the Azure portal, select your VM and then select Restart as in the following example:

在 Azure 门户中重新启动 VM

Azure CLIAzure CLI

以下示例使用 az vm restart 重新启动名为 myResourceGroup 的资源组中名为 myVM 的 VM。The following example uses az vm restart to restart the VM named myVM in the resource group named myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm restart --resource-group myResourceGroup --name myVM

Azure 经典 CLIAzure classic CLI

重要

经典 VM 将于 2023 年 3 月 1 日停用。Classic VMs will be retired on March 1, 2023.

如果从 ASM 使用 IaaS 资源,请在 2023 年 3 月 1 日之前完成迁移。If you use IaaS resources from ASM, please complete your migration by March 1, 2023. 我们建议你尽快进行切换,以利用 Azure 资源管理器中的许多增强功能。We encourage you to make the switch sooner to take advantage of the many feature enhancements in Azure Resource Manager.

有关详细信息,请参阅在 2023 年 3 月 1 日之前将 IaaS 资源迁移到 Azure 资源管理器For more information, see Migrate your IaaS resources to Azure Resource Manager by March 1, 2023.

以下示例重新启动 myResourceGroup 资源组中名为 myVM 的 VM。The following example restarts the VM named myVM in the resource group named myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

azure vm restart --resource-group myResourceGroup --name myVM

重新部署 VMRedeploy a VM

可以将 VM 重新部署到 Azure 中的另一个节点,这可能可以更正任何潜在的网络问题。You can redeploy a VM to another node within Azure, which may correct any underlying networking issues. 有关重新部署 VM 的信息,请参阅将虚拟机重新部署到新的 Azure 节点For information about redeploying a VM, see Redeploy virtual machine to new Azure node.

备注

完成此操作后,临时磁盘数据将丢失,系统将更新与虚拟机关联的动态 IP 地址。After this operation finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

Azure 门户Azure portal

若要使用 Azure 门户重新部署 VM,请选择 VM,然后向下滚动到“支持 + 故障排除”部分 。To redeploy a VM using the Azure portal, select your VM and scroll down to the Support + Troubleshooting section. 选择“重新部署” ,如以下示例中所示:Select Redeploy as in the following example:

在 Azure 门户中重新部署 VM

Azure CLIAzure CLI

以下示例使用 az vm redeploy 重新部署名为 myResourceGroup 的资源组中名为 myVM 的 VM。The following example use az vm redeploy to redeploy the VM named myVM in the resource group named myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

az vm redeploy --resource-group myResourceGroup --name myVM

Azure 经典 CLIAzure classic CLI

以下示例重新部署 myResourceGroup 资源组中名为 myVM 的 VM。The following example redeploys the VM named myVM in the resource group named myResourceGroup. 请如下所示使用自己的值:Use your own values as follows:

azure vm redeploy --resource-group myResourceGroup --name myVM

使用经典部署模型创建的 VMVMs created by using the Classic deployment model

重要

经典 VM 将于 2023 年 3 月 1 日停用。Classic VMs will be retired on March 1, 2023.

如果从 ASM 使用 IaaS 资源,请在 2023 年 3 月 1 日之前完成迁移。If you use IaaS resources from ASM, please complete your migration by March 1, 2023. 我们建议你尽快进行切换,以利用 Azure 资源管理器中的许多增强功能。We encourage you to make the switch sooner to take advantage of the many feature enhancements in Azure Resource Manager.

有关详细信息,请参阅在 2023 年 3 月 1 日之前将 IaaS 资源迁移到 Azure 资源管理器For more information, see Migrate your IaaS resources to Azure Resource Manager by March 1, 2023.

若要解决使用经典部署模型创建的 VM 中最常见的 SSH 连接失败问题,请尝试以下步骤。Try these steps to resolve the most common SSH connection failures for VMs that were created by using the classic deployment model. 执行每个步骤后,请尝试重新连接到 VM。After each step, try reconnecting to the VM.

  • Azure 门户重置远程访问。Reset remote access from the Azure portal. 在 Azure 门户中,选择你的 VM,然后选择“重置远程...” 。On the Azure portal, select your VM and then select Reset Remote... .

  • 重启 VM。Restart the VM. Azure 门户中,选择你的 VM,然后选择“重启” 。On the Azure portal, select your VM and select Restart .

  • 将 VM 重新部署到新的 Azure 节点。Redeploy the VM to a new Azure node. 有关如何重新部署 VM 的信息,请参阅将虚拟机重新部署到新的 Azure 节点For information about how to redeploy a VM, see Redeploy virtual machine to new Azure node.

    完成此操作后,临时磁盘数据会丢失,并且系统会更新与虚拟机关联的动态 IP 地址。After this operation finishes, ephemeral disk data will be lost and dynamic IP addresses that are associated with the virtual machine will be updated.

  • 按照如何为基于 Linux 的虚拟机重置密码或 SSH 中的说明执行以下操作:Follow the instructions in How to reset a password or SSH for Linux-based virtual machines to:

    • 重置密码或 SSH 密钥。Reset the password or SSH key.
    • 创建 sudo 用户帐户。Create a sudo user account.
    • 重置 SSH 配置。Reset the SSH configuration.
  • 检查 VM 的资源运行状况,了解是否存在任何平台问题。Check the VM's resource health for any platform issues.
    选择 VM 并向下滚动到“设置” > “检查运行状况” 。Select your VM and scroll down Settings > Check Health .

其他资源Additional resources