Some commands hang when accessing a server over SSH from a container in bridge mode

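I can access a server with ssh from a Docker container, but some commands (such as ps aux, cat, etc.) freeze the session. I have to close the session with Ctrl-c. When I try again on the same container, it works.

Here is an example: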

$ docker run --rm -it debian:buster bash
$ apt update && apt install -y openssh-client # Install ssh
$ ssh [email protected] -o LogLevel=Debug ps aux 
# The session is stuck. I have to Ctrl-c
$ ssh [email protected] -o LogLevel=Debug ps aux
# This time it works.

When I use the "host" network (docker run --rm -it --network=host debian:buster bash), it works fine.

Here is the debug trace (anonymized):

root@9995e92fead2:/# ssh [email protected] -o LogLevel=Debug ps aux
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to staging.website.net [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1
debug1: match: OpenSSH_7.4p1 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to staging.website.net:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU
The authenticity of host 'staging.website.net (1.1.1.1)' can't be established.
ECDSA key fingerprint is SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'staging.website.net,1.1.1.1' (ECDSA) to the list of known hosts.
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ed25519 
debug1: Will attempt key: /root/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Authentication succeeded (publickey).
Authenticated to staging.website.net ([1.1.1.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending command: ps aux

Here are the logs on the server side:

sshd[34224]: rexec line 14: Deprecated option KeyRegenerationInterval
sshd[34224]: rexec line 23: Deprecated option RSAAuthentication
sshd[34224]: rexec line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: rexec line 25: Deprecated option ServerKeyBits
sshd[34224]: Connection from 1.1.1.1 port 37812 on 1.1.1.1 port 22
sshd[34224]: reprocess config line 23: Deprecated option RSAAuthentication
sshd[34224]: reprocess config line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: Postponed publickey for user from 1.1.1.1 port 37812 ssh2 [preauth]
audit[34224]: USER_ACCT pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: Accepted publickey for user from 1.1.1.1 port 37812 ssh2: RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
audit[34224]: CRED_ACQ pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: pam_unix(sshd:session): session opened for user user by (uid=0)
audit[34224]: USER_START pid=34224 uid=0 auid=2000 ses=34235 msg='op=PAM:session_open acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: User child is on pid 34285
audit[34285]: CRED_ACQ pid=34285 uid=0 auid=2000 ses=34235 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34285]: Starting session: command for user from 1.1.1.1 port 37812 id 0

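I don't see anything special.

It works with some servers, so I guess there is a configuration on the server side.

How can I fix it?

Edit

I changed the values of ServerAliveInterval and ServerAliveCountMax, and I get: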

Timeout, server website not responding.
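
An added example, not part of the original post: a small Python helper that reports the last stage an ssh client debug trace reached. Run on an excerpt of the trace above, it shows that key exchange and authentication completed and that the session stops after "Sending command"; the stage names, the "Exit status" marker and the completed trace are assumptions constructed for comparison.

```python
# Added example, not from the original post: find where an ssh client
# debug trace (ssh -o LogLevel=Debug ...) stops making progress.

# Ordered stages and the debug1 substring that marks each one.
# "Exit status" is what a session that ran to completion logs (assumption:
# OpenSSH client debug1 output, as in the trace on this page).
STAGES = [
    ("tcp_connected", "Connection established."),
    ("kex_complete", "SSH2_MSG_NEWKEYS received"),
    ("authenticated", "Authentication succeeded"),
    ("session_open", "Entering interactive session."),
    ("command_sent", "Sending command:"),
    ("command_finished", "Exit status"),
]

def diagnose(trace: str) -> dict:
    """Report the furthest stage reached and the first one that is missing."""
    idx = -1
    for line in trace.splitlines():
        if not line.startswith("debug1: "):
            continue  # skip prompts, banners and the remote command's output
        for i, (_, marker) in enumerate(STAGES):
            if marker in line and i > idx:
                idx = i
    return {
        "reached": STAGES[idx][0] if idx >= 0 else "none",
        "missing": STAGES[idx + 1][0] if idx + 1 < len(STAGES) else None,
        # True once key exchange and user authentication both completed
        "crypto_and_auth_ok": idx >= 2,
    }

# Excerpt of the hanging trace posted above (lines copied from the page).
HANGING_TRACE = """\
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentication succeeded (publickey).
Authenticated to staging.website.net ([1.1.1.1]:22).
debug1: Entering interactive session.
debug1: Sending command: ps aux
"""

# Constructed for comparison: the same session running to completion.
COMPLETED_TRACE = HANGING_TRACE + "USER PID %CPU\ndebug1: Exit status 0\n"

if __name__ == "__main__":
    print(diagnose(HANGING_TRACE))
    print(diagnose(COMPLETED_TRACE))
```
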

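Answer 1

I have the same problem. Suddenly, ssh connections from Docker containers stopped working. But when I create the container with the "host" network, it works. Tried with ubuntu and centos images.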
