几天以来，我在通过 ssh 连接到我的服务器以使用代理/隧道时遇到了问题。

I-设置

客户

这是机器：

iMac:~卢卡$ sw_vers

产品名称： Mac OS X

产品版本：10.11.6

构建版本：15G1108

iMac:~卢卡$ sudo sysctl net.inet.ip.forwarding

net.inet.ip.转发：0

iMac:~卢卡$ sudo sysctl net.inet.ip.fw.enable

net.inet.ip.fw.启用：1

尝试了三个不同的网络。

浏览器

我使用 Firefox 50.0.1 浏览互联网，FoxyProxy 扩展配置如下：

主机地址：127.0.0.1

端口：9999

袜子v5

SSH命令

我正在使用 Terminal.app 通过 ssh 连接到我的服务器。

iMac:~卢卡$ ssh -p 53 -D 9999 卢卡@myIP

服务器

卢卡@myServer:~$ ssh -V

OpenSSH_6.7p1 Debian-5+deb8u3、OpenSSL 1.0.1t 2016 年 5 月 3 日

卢卡@myServer:~$ cat /proc/sys/net/ipv4/ip_forward

1

II - 预期

连接打开后，我可以毫无问题地浏览任何网站（我的 IP 是我的服务器）。

直到几天前都很好。如果我尝试的话，这仍然没问题：

• 同一服务器 (A)，另一台计算机 (Y)
• 同一台计算机 (X)，另一台服务器 (B)

从它的外观来看，它不适用于我的计算机（X）和我的服务器（A）。

III - 发生了什么

luca@myServer:~$ ssh_dispatch_run_fatal: 连接到 myIP: 消息验证码不正确

然后连接关闭。

此消息随机出现。但我可以通过代理通过大数据加载轻松重现它：加载多个视频，下载大文件等......

IV - 另一种方式，类似的问题

如果我使用相同的登录名 (luca) 和相同的端口 (53) 通过 sftp://（使用 FileZilla）连接到我的服务器。然后我尝试下载一个文件，每隔 <30 秒我就会收到以下错误：

错误：数据包收到的 MAC 不正确

再说一次，这种情况只发生在我的计算机 (X) 和我的服务器 (A) 上。如果我在同一台计算机 (X) 上尝试另一个服务器 (B)：没问题。如果我在另一台计算机 (Y) 上尝试相同的服务器 (A)：没问题。

V - 我尝试过的（但没有解决）

1. 重新启动服务器和计算机
2. 在服务器和计算机上重新启动 ssh/sshd
3. 删除计算机上的known_hosts文件
4. 使用 ssh 命令指定a-m和-c
5. -o GSSAPIKeyExchange=no在 ssh 命令中指定
6. /etc/ssh/ssh_config取消注释服务器或/和计算机上的密码和/或 MAC 行
7. -vvvvv尝试使用 ssh 命令查看选项并读取服务器/计算机上的日志，但没有任何相关的内容。

任何帮助，将不胜感激。

附录

服务器ssh -Q mac

卢卡@myServer:~$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护]

电脑ssh -Q mac

iMac:~ 卢卡$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护]

服务器ssh -v -p 53 -D 9999 luca@myIP

iMac:~ Luca$ ssh -v -p 53 -D 9999 luca@myIP

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to myIP [myIP] port 53.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myIP:53 as 'luca'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DUAAYL1r0QUDtRI89JozTTz+bm5wcg4cOSaFaRdbr/Y
debug1: Host '[myIP]:53' is known and matches the ECDSA host key.
debug1: Found key in /Users/Luca/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/Luca/.ssh/id_rsa
debug1: Trying private key: /Users/Luca/.ssh/id_dsa
debug1: Trying private key: /Users/Luca/.ssh/id_ecdsa
debug1: Trying private key: /Users/Luca/.ssh/id_ed25519
debug1: Next authentication method: password

luca@myIP's password:

debug1: Authentication succeeded (password).
Authenticated to myIP ([myIP]:53).
debug1: Local connections to LOCALHOST:9999 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 9999.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9999.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Debian GNU/Linux 8.6

Linux <server> #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 GNU/Linux

server    : 274305
hostname  : myServer
eth0 IPv4 : myIPv4
eth0 IPv6 : myIPv6
Last login: Thu Dec  8 15:36:09 2016 from XXX.XXX.XXX.XXX

luca@myServer:~$

我有时会看到错误

luca@myServer:~$ 错误数据包长度 3045540078。

填充错误：需要-1249427218 block 8 mod 6

ssh_dispatch_run_fatal：连接到5.39.88.21：消息验证码不正确

服务器ssh -o macs=hmac-sha1 -v -p 53 -D 9999 luca@myServer发生崩溃时

iMac:~ Luca$ ssh -o macs=hmac-sha1 -v -p 53 -D 9999 luca@myIP
// [...]
luca@myServer:~$ debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 7: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 8: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 9: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 10: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 11: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 12: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 13: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 14: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 15: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 16: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 17: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 18: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 19: new [dynamic-tcpip]
ssh_dispatch_run_fatal: Connection to myIP : message authentication code incorrect
iMac:~ Luca$

在客户端更新 SSH 后

iMac:~ Luca$ ssh -V
OpenSSH_7.3p1, OpenSSL 1.0.2j  26 Sep 2016

iMac:~ Luca$ ssh -p 53 -D 9999 luca@myIP
luca@myIP's password: 
luca@ns3274305:~$ ssh_dispatch_run_fatal: Connection to myIP port 53: message authentication code incorrect

iMac:~ Luca$ ssh -o macs=hmac-sha1 -p 53 -D 9999 luca@myIP
luca@myIP's password: 
luca@ns3274305:~$ ssh_dispatch_run_fatal: Connection to myIP port 53: message authentication code incorrect
iMac:~ Luca$