我正在从运行 Virtual Box 的 Windows 主机系统连接到虚拟 Solaris 机器。这可以正常工作一段时间,但一段时间后连接就消失了。
奇怪的是,sshd 声称连接已被对端重置,而 ssh 会话却表示连接已被远程主机关闭。
我已经设法手动启动 sshd(/usr/lib/ssh/sshd -d
),以便获得下面显示的调试输出,但我完全不知道如何继续。
到目前为止尝试过的事情:
- 检查
/var/log/authlog
:它是空的 - 检查软件包是否是最新的(pkgchk -n SUNWsshcu、pkgchk -n SUNWsshdr、pkgchk -n SUNWsshdu、pkgchk -n SUNWsshhr、pkgchk -n SUNWsshr、pkgchk -n SUNWsshu):全部是最新的
- 允许在 PasswordAuthentication 中密码登录
/etc/ssh/ssh_config
并使用它:无变化
问题:我陷入困境,如何继续解决这个问题?
更多信息:
启动 ssh 守护进程:
bash-3.2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_1.1.5
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
远程连接:
debug1: Server will not fork when running in debugging mode.
Connection from 10.0.2.2 port 26688
debug1: Client protocol version 2.0; client software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.5
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: use_engine is 'yes'
monitor debug1: reading the context from the child
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 zlib
debug1: kex: server->client aes128-ctr hmac-md5 zlib
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 134/256
debug1: bits set: 526/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 497/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user beginner service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for beginn from 10.0.2.2 port 26688 ssh2
debug1: userauth-request for user beginner service ssh-connection method passworddebug1: attempt 1 initial attempt 0 failures 1 initial failures 0
Accepted password for beginner from 10.0.2.2 port 26688 ssh2
debug1: permanently_set_uid: 54324/1
debug1: sending auth context to the monitor
debug1: will send 41 bytes of auth context to the monitor
monitor debug1: finished reading the context
monitor debug1: use_engine is 'yes'
monitor debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
monitor debug1: pkcs11 engine initialization complete
monitor debug1: Entering monitor loop.
monitor debug1: fd 9 setting O_NONBLOCK
monitor debug1: fd 10 setting O_NONBLOCK
debug1: Entering interactive session for SSH2.
debug1: fd 9 setting O_NONBLOCK
debug1: fd 10 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request x11-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: bind port 6010: Address already in use; skipping this port
debug1: bind port 6011: Address already in use; skipping this port
debug1: bind port 6012: Address already in use; skipping this port
debug1: bind port 6013: Address already in use; skipping this port
debug1: fd 11 setting O_NONBLOCK
debug1: channel 1: new [X11 inet listener]
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/8
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: fd 4 setting TCP_NODELAY
debug1: SSH receive window size: 198560 B
debug1: fd 13 setting O_NONBLOCK
启动 emacs 并运行一段时间:
debug1: server_input_global_request: rtype [email protected] want_reply 1
debug1: server_input_global_request: rtype [email protected] want_reply 1
debug1: X11 connection requested.
debug1: fd 16 setting TCP_NODELAY
debug1: channel 2: new [X11 connection from 127.0.0.1 port 33079]
debug1: channel 2: open confirm rwindow 2097152 rmax 16384
debug1: channel 2: read<=0 rfd 16 len 0
debug1: channel 2: read failed
debug1: channel 2: close_read
debug1: channel 2: input open -> drain
debug1: channel 2: ibuf empty
debug1: channel 2: send eof
debug1: channel 2: input drain -> closed
debug1: channel 2: rcvd eof
debug1: channel 2: output open -> drain
debug1: channel 2: obuf empty
debug1: channel 2: close_write
debug1: channel 2: output drain -> closed
debug1: channel 2: rcvd close
debug1: channel 2: send close
debug1: channel 2: is dead
debug1: channel 2: garbage collecting
debug1: channel_free: channel 2: X11 connection from 127.0.0.1 port 33079, nchan nels 3
debug1: X11 connection requested.
debug1: fd 16 setting TCP_NODELAY
debug1: channel 2: new [X11 connection from 127.0.0.1 port 33080]
debug1: channel 2: open confirm rwindow 2097152 rmax 16384
debug1: channel 2: read<=0 rfd 16 len 0
debug1: channel 2: read failed
debug1: channel 2: close_read
debug1: channel 2: input open -> drain
debug1: channel 2: ibuf empty
debug1: channel 2: send eof
debug1: channel 2: input drain -> closed
debug1: X11 connection requested.
debug1: fd 17 setting TCP_NODELAY
debug1: channel 3: new [X11 connection from 127.0.0.1 port 33081]
debug1: channel 2: rcvd eof
debug1: channel 2: output open -> drain
debug1: channel 2: obuf empty
debug1: channel 2: close_write
debug1: channel 2: output drain -> closed
debug1: channel 2: rcvd close
debug1: channel 2: send close
debug1: channel 2: is dead
debug1: channel 2: garbage collecting
debug1: channel_free: channel 2: X11 connection from 127.0.0.1 port 33080, nchan nels 4
debug1: channel 3: open confirm rwindow 2097152 rmax 16384
debug1: channel 3: read<=0 rfd 17 len 0
debug1: channel 3: read failed
debug1: channel 3: close_read
debug1: channel 3: input open -> drain
debug1: channel 3: ibuf empty
debug1: channel 3: send eof
debug1: channel 3: input drain -> closed
debug1: channel 3: rcvd eof
debug1: channel 3: output open -> drain
debug1: channel 3: obuf empty
debug1: channel 3: close_write
debug1: channel 3: output drain -> closed
debug1: channel 3: send close
debug1: channel 3: rcvd close
debug1: channel 3: is dead
debug1: channel 3: garbage collecting
debug1: channel_free: channel 3: X11 connection from 127.0.0.1 port 33081, nchan nels 3
debug1: X11 connection requested.
debug1: fd 16 setting TCP_NODELAY
debug1: channel 2: new [X11 connection from 127.0.0.1 port 33084]
debug1: channel 2: open confirm rwindow 2097152 rmax 16384
debug1: X11 connection requested.
debug1: fd 17 setting TCP_NODELAY
debug1: channel 3: new [X11 connection from 127.0.0.1 port 33085]
debug1: channel 2: read<=0 rfd 16 len 0
debug1: channel 2: read failed
debug1: channel 2: close_read
debug1: channel 2: input open -> drain
debug1: channel 2: ibuf empty
debug1: channel 2: send eof
debug1: channel 2: input drain -> closed
debug1: channel 3: open confirm rwindow 2097152 rmax 16384
debug1: channel 2: rcvd eof
debug1: channel 2: output open -> drain
debug1: channel 2: obuf empty
debug1: channel 2: close_write
debug1: channel 2: output drain -> closed
debug1: channel 2: rcvd close
debug1: channel 2: send close
debug1: channel 2: is dead
debug1: channel 2: garbage collecting
debug1: channel_free: channel 2: X11 connection from 127.0.0.1 port 33084, nchan nels 4
debug1: X11 connection requested.
debug1: fd 16 setting TCP_NODELAY
debug1: channel 2: new [X11 connection from 127.0.0.1 port 33086]
debug1: channel 3: read<=0 rfd 17 len 0
debug1: channel 3: read failed
debug1: channel 3: close_read
debug1: channel 3: input open -> drain
debug1: channel 3: ibuf empty
debug1: channel 3: send eof
debug1: channel 3: input drain -> closed
debug1: channel 2: open confirm rwindow 2097152 rmax 16384
debug1: channel 3: rcvd eof
debug1: channel 3: output open -> drain
debug1: channel 3: obuf empty
debug1: channel 3: close_write
debug1: channel 3: output drain -> closed
debug1: channel 3: rcvd close
debug1: channel 3: send close
debug1: channel 3: is dead
debug1: channel 3: garbage collecting
debug1: channel_free: channel 3: X11 connection from 127.0.0.1 port 33085, nchan nels 4
经过一段随机的时间间隔后,连接丢失:
Read error from remote host 10.0.2.2: Connection reset by peer
debug1: Calling cleanup 0x806d882(0x80afd90)
debug1: session_pty_cleanup: session 0 release /dev/pts/8
debug1: Calling cleanup 0x80729a7(0x0)
debug1: channel_free: channel 0: server-session, nchannels 3
debug1: channel_free: channel 1: X11 inet listener, nchannels 2
debug1: channel_free: channel 2: X11 connection from 127.0.0.1 port 33086, nchannels 1
debug1: Calling cleanup 0x8064fe7(0x80c1318)
debug1: Calling cleanup 0x807e79a(0x0)
debug1: compress outgoing: raw data 36410262, compressed 3980612, factor 0.11
debug1: compress incoming: raw data 18374832, compressed 674656, factor 0.04
monitor debug1: Monitor received SIGCHLD.
传入 ssh 的输出:
~> ssh [email protected] -p 2222
Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed
答案1
两台机器之间有 NAT 路由器吗?它可能由于不活动和超时而关闭连接?
SSH 客户端可以打开 SSH 级别的 KeepAlive 来尝试避免这种情况。
对于 openssh 客户端,我们在客户端配置文件 (/etc/ssh/ssh_config 或 ~/.ssh/config) 中包含以下内容:
KeepAlive 是
答案2
刚刚解决了 CentOS7 机器上类似的情况。结果发现“nmtui”命令对话框悄悄地在我们的静态 IP 地址末尾添加了一个“/32”。这将网络掩码更改为 255.255.255.255,并将广播 IP 更改为与接口相同的 IP。这导致了一些非常不寻常的 ARP 行为并导致许多连接断开。运行“ifconfig -a”以仔细检查您的网络掩码和广播设置。