scp 出现“消息认证码不正确”错误

scp 出现“消息认证码不正确”错误

我从一台特定计算机(Mac OS 11.2)到一台特定主机(Ubuntu 18.04.5)的 scp 操作间歇性失败。这台计算机 scp 到其他主机时没有问题,其他计算机 scp 到这台主机时也没有问题。我使用 ssh 或 mosh 也没有问题。

在客户端,我看到:

$ /usr/bin/scp vegan-choux-deflated-big.jpg ps:jtk/
stty: 'standard input': Inappropriate ioctl for device
vegan-choux-deflated-big.jpg                       0%    0     0.0KB/s   --:-- ETAclient_loop: send disconnect: Broken pipe
lost connection

在服务器上我看到:

$ sudo journalctl -f
Feb 20 19:12:08 jefftk.com sshd[15856]: Accepted publickey for jefftk from 146.115.48.13 port 65263 ssh2: RSA SHA256:FT44f1oAdXEJtBZTFf1zxC2r6ZxptSES3ZkG/fPmYuk
Feb 20 19:12:08 jefftk.com sshd[15856]: pam_unix(sshd:session): session opened for user jefftk by (uid=0)
Feb 20 19:12:08 jefftk.com systemd-logind[3157]: New session 32 of user jefftk.
Feb 20 19:12:08 jefftk.com systemd[1]: Started Session 32 of user jefftk.
Feb 20 19:12:10 jefftk.com sshd[16050]: ssh_dispatch_run_fatal: Connection from user jefftk 146.115.48.13 port 65263: message authentication code incorrect
Feb 20 19:12:10 jefftk.com sshd[15856]: pam_unix(sshd:session): session closed for user jefftk
Feb 20 19:12:10 jefftk.com systemd-logind[3157]: Removed session 32.

这看起来像是message authentication code incorrect问题吗?

手动指定 MAC(-o MACs=hmac-sha2-512)似乎没有效果。

此错误是间歇性的:通常一切正常。

详细上传输出:

$ /usr/bin/scp -v vegan-choux-deflated-big.jpg ps:jtk/
Executing: program /usr/bin/ssh host ps, user (unspecified), command scp -v -t jtk/
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/jefftk/.ssh/config
debug1: /Users/jefftk/.ssh/config line 25: Applying options for ps
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 74: Applying options for *
debug1: hostname canonicalisation enabled, will re-parse configuration
debug1: re-parsing configuration
debug1: Reading configuration data /Users/jefftk/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 60: Applying options for *.com
debug1: /etc/ssh/ssh_config line 64: Applying options for *.*
debug1: /etc/ssh/ssh_config line 74: Applying options for *
debug1: Connecting to www.jefftk.com [163.172.164.150] port 22.
debug1: Connection established.
debug1: identity file /Users/jefftk/.ssh/id_rsa type 0
debug1: identity file /Users/jefftk/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jefftk/.ssh/localhost/id_rsa type -1
debug1: identity file /Users/jefftk/.ssh/localhost/id_rsa-cert type -1
debug1: identity file /Users/jefftk/.ssh/clusterhost/id_rsa type -1
debug1: identity file /Users/jefftk/.ssh/clusterhost/id_rsa-cert type -1
debug1: identity file /Users/jefftk/.ssh/id_ed25519 type -1
debug1: identity file /Users/jefftk/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/jefftk/.ssh/id_ecdsa type -1
debug1: identity file /Users/jefftk/.ssh/id_ecdsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to www.jefftk.com:22 as 'jefftk'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bXmp8R4JOzinavMiXjgpzJk7mjhNiPOQ61NChWaXrDo
debug1: Host 'www.jefftk.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/jefftk/.ssh/known_hosts:115
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: publickey ECDSA SHA256:7PPjwtPBwuO+UnzB/Myo/La/ptAQ5EI8YeDoHkpO7wM agent
debug1: Will attempt key: corp/normal ECDSA-CERT SHA256:X7GzO8/fLB5iiNYLqDU/lRz2I7CajWm8WJcKnwv0WnA agent
debug1: Will attempt key: /Users/jefftk/.ssh/id_rsa RSA SHA256:FT44f1oAdXEJtBZTFf1zxC2r6ZxptSES3ZkG/fPmYuk
debug1: Will attempt key: /Users/jefftk/.ssh/localhost/id_rsa 
debug1: Will attempt key: /Users/jefftk/.ssh/clusterhost/id_rsa 
debug1: Will attempt key: /Users/jefftk/.ssh/id_ed25519 
debug1: Will attempt key: /Users/jefftk/.ssh/id_ecdsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: publickey ECDSA SHA256:7PPjwtPBwuO+UnzB/Myo/La/ptAQ5EI8YeDoHkpO7wM agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: corp/normal ECDSA-CERT SHA256:X7GzO8/fLB5iiNYLqDU/lRz2I7CajWm8WJcKnwv0WnA agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/jefftk/.ssh/id_rsa RSA SHA256:FT44f1oAdXEJtBZTFf1zxC2r6ZxptSES3ZkG/fPmYuk
debug1: Server accepts key: /Users/jefftk/.ssh/id_rsa RSA SHA256:FT44f1oAdXEJtBZTFf1zxC2r6ZxptSES3ZkG/fPmYuk
debug1: Authentication succeeded (publickey).
Authenticated to www.jefftk.com ([163.172.164.150]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending command: scp -v -t jtk/
stty: 'standard input': Inappropriate ioctl for device
Sending file modes: C0644 2413695 vegan-choux-deflated-big.jpg
Sink: C0644 2413695 vegan-choux-deflated-big.jpg
vegan-choux-deflated-big.jpg                   99% 2336KB   4.8MB/s   00:00 ETAclient_loop: send disconnect: Broken pipe
lost connection

答案1

在我看来,这似乎是通信网络问题。“MAC 不正确”可能意味着数据包损坏。这可能是由多种因素造成的。

我在 BareOS 上也遇到过类似的问题,备份失败了。在这种情况下,我禁用了一些硬件卸载一台机器上的所有功能,故障都消失了:

(在里面/etc/network/interfaces

iface vmbr0 inet static
        ...
        bridge-ports eno1
        up ethtool -K eno1 tso off gro off gso off tx off rx off ufo off

另一个原因可能是 WiFi 故障。尝试使用另一张 wlan 卡、另一个无线信道。另一个原因是有线交换机损坏。

一般的解决方案是对网络进行压力测试并修复发现的任何问题。

答案2

对我来说有效的解决方案(我仍然对此感到困惑)是,我从使用 2020 MacBookPro 上的 WiFi 连接切换到使用有线以太网加密狗。就我而言,我试图从 Solaris SPARC 服务器转移到在 Parallels 中运行的 RHEL 7.9 VM 实例。对我的 2016 MacBookPro(它是有线的并用作台式机)使用类似的配置没有问题,这排除了我的 SPARC、我的网络、macOS、Parallels、RHEL 7.9 以及介于两者之间的所有其他东西。我只是将 Parallels VM 切换到 Belkin 加密狗,它运行得非常好。

答案3

对我-o MACs=hmac-sha2-512来说

相关内容