几天以来,我在通过 ssh 连接到我的服务器以使用代理/隧道时遇到了问题。
I-设置
客户
这是机器:
iMac:~卢卡$ sw_vers
产品名称: Mac OS X
产品版本:10.11.6
构建版本:15G1108
iMac:~卢卡$ sudo sysctl net.inet.ip.forwarding
net.inet.ip.转发:0
iMac:~卢卡$ sudo sysctl net.inet.ip.fw.enable
net.inet.ip.fw.启用:1
尝试了三个不同的网络。
浏览器
我使用 Firefox 50.0.1 浏览互联网,FoxyProxy 扩展配置如下:
主机地址:127.0.0.1
端口:9999
袜子v5
SSH命令
我正在使用 Terminal.app 通过 ssh 连接到我的服务器。
iMac:~卢卡$ ssh -p 53 -D 9999 卢卡@myIP
服务器
卢卡@myServer:~$ ssh -V
OpenSSH_6.7p1 Debian-5+deb8u3、OpenSSL 1.0.1t 2016 年 5 月 3 日
卢卡@myServer:~$ cat /proc/sys/net/ipv4/ip_forward
1
II - 预期
连接打开后,我可以毫无问题地浏览任何网站(我的 IP 是我的服务器)。
直到几天前都很好。如果我尝试的话,这仍然没问题:
- 同一服务器 (A),另一台计算机 (Y)
- 同一台计算机 (X),另一台服务器 (B)
从它的外观来看,它不适用于我的计算机(X)和我的服务器(A)。
III - 发生了什么
luca@myServer:~$ ssh_dispatch_run_fatal: 连接到 myIP: 消息验证码不正确
然后连接关闭。
此消息随机出现。但我可以通过代理通过大数据加载轻松重现它:加载多个视频,下载大文件等......
IV - 另一种方式,类似的问题
如果我使用相同的登录名 (luca) 和相同的端口 (53) 通过 sftp://(使用 FileZilla)连接到我的服务器。然后我尝试下载一个文件,每隔 <30 秒我就会收到以下错误:
错误:数据包收到的 MAC 不正确
再说一次,这种情况只发生在我的计算机 (X) 和我的服务器 (A) 上。如果我在同一台计算机 (X) 上尝试另一个服务器 (B):没问题。如果我在另一台计算机 (Y) 上尝试相同的服务器 (A):没问题。
V - 我尝试过的(但没有解决)
- 重新启动服务器和计算机
- 在服务器和计算机上重新启动 ssh/sshd
- 删除计算机上的known_hosts文件
- 使用 ssh 命令指定a
-m
和-c
-o GSSAPIKeyExchange=no
在 ssh 命令中指定/etc/ssh/ssh_config
取消注释服务器或/和计算机上的密码和/或 MAC 行-vvvvv
尝试使用 ssh 命令查看选项并读取服务器/计算机上的日志,但没有任何相关的内容。
任何帮助,将不胜感激。
附录
服务器ssh -Q mac
卢卡@myServer:~$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护]
电脑ssh -Q mac
iMac:~ 卢卡$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护] [电子邮件受保护]
服务器ssh -v -p 53 -D 9999 luca@myIP
iMac:~ Luca$ ssh -v -p 53 -D 9999 luca@myIP
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to myIP [myIP] port 53.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Luca/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myIP:53 as 'luca'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DUAAYL1r0QUDtRI89JozTTz+bm5wcg4cOSaFaRdbr/Y
debug1: Host '[myIP]:53' is known and matches the ECDSA host key.
debug1: Found key in /Users/Luca/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/Luca/.ssh/id_rsa
debug1: Trying private key: /Users/Luca/.ssh/id_dsa
debug1: Trying private key: /Users/Luca/.ssh/id_ecdsa
debug1: Trying private key: /Users/Luca/.ssh/id_ed25519
debug1: Next authentication method: password
luca@myIP's password:
debug1: Authentication succeeded (password).
Authenticated to myIP ([myIP]:53).
debug1: Local connections to LOCALHOST:9999 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 9999.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9999.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Debian GNU/Linux 8.6
Linux <server> #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 GNU/Linux
server : 274305
hostname : myServer
eth0 IPv4 : myIPv4
eth0 IPv6 : myIPv6
Last login: Thu Dec 8 15:36:09 2016 from XXX.XXX.XXX.XXX
luca@myServer:~$
我有时会看到错误
luca@myServer:~$ 错误数据包长度 3045540078。
填充错误:需要-1249427218 block 8 mod 6
ssh_dispatch_run_fatal:连接到5.39.88.21:消息验证码不正确
服务器ssh -o macs=hmac-sha1 -v -p 53 -D 9999 luca@myServer
发生崩溃时
iMac:~ Luca$ ssh -o macs=hmac-sha1 -v -p 53 -D 9999 luca@myIP
// [...]
luca@myServer:~$ debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 7: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 8: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 9: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 10: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 11: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 12: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 13: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 14: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 15: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 16: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 17: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 18: new [dynamic-tcpip]
debug1: Connection to port 9999 forwarding to socks port 0 requested.
debug1: channel 19: new [dynamic-tcpip]
ssh_dispatch_run_fatal: Connection to myIP : message authentication code incorrect
iMac:~ Luca$
在客户端更新 SSH 后
iMac:~ Luca$ ssh -V
OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
iMac:~ Luca$ ssh -p 53 -D 9999 luca@myIP
luca@myIP's password:
luca@ns3274305:~$ ssh_dispatch_run_fatal: Connection to myIP port 53: message authentication code incorrect
iMac:~ Luca$ ssh -o macs=hmac-sha1 -p 53 -D 9999 luca@myIP
luca@myIP's password:
luca@ns3274305:~$ ssh_dispatch_run_fatal: Connection to myIP port 53: message authentication code incorrect
iMac:~ Luca$
答案1
我已从 Mac OS El Capitan (10.11) 更新到 Mac OS Sierra (10.12)。
问题不再出现。
我仍然不知道问题到底是什么。
答案2
我通过在 Mac 上的以太网适配器的高级设置中禁用 AVB/EAV 模式(在 Big Sur 下)解决了这个问题。