SSH reverse port forwarding disconnects every 10 minutes

I set up SSH reverse port forwarding with the following command:

autossh -N -R 0.0.0.0:22722:127.0.0.1:22 -i /tmp/my_ssh_key -o StrictHostKeyChecking=no -p 22 -4 -C reverseportforward@myserver

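This works fine, but it disconnects every (exactly) 10 minutes (and then reconnects again, probably because I am using autossh). Running as root did not help. When disconnecting, the client always shows the following error message (the channel may vary):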

channel 2: open failed: administratively prohibited: open failed

The /etc/ssh/sshd_config file on my server looks like this:

PermitRootLogin no
MaxAuthTries 1
PubkeyAuthentication yes
PasswordAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 30
ClientAliveCountMax 60
Compression no
Protocol 2
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server

Match User portforward
    AllowTcpForwarding yes
    GatewayPorts yes

Match User reverseportforward
    # i am using this user to log in, which has no tty on the system
    AllowTcpForwarding remote
    GatewayPorts yes

Running autossh with AUTOSSH_DEBUG=1 shows the following when the connection drops and reconnects:

2020-04-28T17:01:28.592069229Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:01:28.592197780Z autossh[6]: port down, restarting ssh
2020-04-28T17:01:28.593327889Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:01:28.593358844Z autossh[6]: checking for grace period, tries = 0
2020-04-28T17:01:28.593368126Z autossh[6]: starting ssh (count 38)
2020-04-28T17:01:28.593666070Z autossh[6]: ssh child pid is 54
2020-04-28T17:01:28.593690737Z autossh[6]: check on child 54
2020-04-28T17:01:28.593700290Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:01:28.593708796Z autossh[6]: set alarm for 600 secs
2020-04-28T17:01:28.593717058Z autossh[54]: child of 6 execing /usr/bin/ssh
2020-04-28T17:11:28.594031723Z autossh[6]: received SIGALRM (end-of-life 0)
2020-04-28T17:11:28.637068054Z channel 1: open failed: administratively prohibited: open failed

# It keeps connected at this point until the next line:

2020-04-28T17:11:43.609415674Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:11:43.609492523Z autossh[6]: port down, restarting ssh
2020-04-28T17:11:43.611233146Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:11:43.611271012Z autossh[6]: checking for grace period, tries = 0
2020-04-28T17:11:43.611283209Z autossh[6]: starting ssh (count 39)
2020-04-28T17:11:43.611512721Z autossh[6]: ssh child pid is 55
2020-04-28T17:11:43.611700660Z autossh[6]: check on child 55
2020-04-28T17:11:43.611754603Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:11:43.611766769Z autossh[6]: set alarm for 600 secs
2020-04-28T17:11:43.611776685Z autossh[55]: child of 6 execing /usr/bin/ssh

Running direct port forwarding with the following command does not seem to have this problem:

autossh -N -L 0.0.0.0:2222:127.0.0.1:22 -i /tmp/my_ssh_key -o StrictHostKeyChecking=no -p 22 -4 -C portforward@myserver

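For now, I can work around this by setting the environment variable AUTOSSH_PORT=0 when running autossh, but this is probably far from ideal (I will see how it works after a few days of 24/7 connection).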
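
The correlation visible in the debug output above, as an added example that is not part of the original question or answers: a small Python parser that ties each "port down, restarting ssh" event to the preceding "set alarm" / "received SIGALRM" pair and reports whether a refused channel open fell in between. The function and field names are hypothetical, and SAMPLE_LOG is a subset of the lines posted in the question.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the AUTOSSH_DEBUG=1 output in the question (subset).
SAMPLE_LOG = """\
2020-04-28T17:01:28.592197780Z autossh[6]: port down, restarting ssh
2020-04-28T17:01:28.593708796Z autossh[6]: set alarm for 600 secs
2020-04-28T17:11:28.594031723Z autossh[6]: received SIGALRM (end-of-life 0)
2020-04-28T17:11:28.637068054Z channel 1: open failed: administratively prohibited: open failed
2020-04-28T17:11:43.609415674Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:11:43.609492523Z autossh[6]: port down, restarting ssh
2020-04-28T17:11:43.611766769Z autossh[6]: set alarm for 600 secs
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.(\d+)Z\s+(.*)$")

def parse(line):
    """Split a log line into (timestamp, message); None if it has no timestamp."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    # The log has nanoseconds; datetime keeps microseconds, so truncate.
    return ts + timedelta(microseconds=int(m.group(2)[:6].ljust(6, "0"))), m.group(3)

def classify_restarts(log_text, window=timedelta(seconds=60)):
    """One dict per 'port down, restarting ssh', tied to the poll alarm before it."""
    alarm_set = alarm = refused = None
    out = []
    for ts, msg in filter(None, map(parse, log_text.splitlines())):
        if "set alarm for" in msg:
            alarm_set = ts
        elif "received SIGALRM" in msg and alarm_set:
            alarm = ts
        elif "administratively prohibited" in msg:
            refused = ts
        elif "port down, restarting ssh" in msg:
            on_poll = alarm is not None and ts - alarm <= window
            out.append({
                "restart_at": ts,
                "poll_secs": round((alarm - alarm_set).total_seconds()) if on_poll else None,
                "secs_after_alarm": round((ts - alarm).total_seconds(), 1) if on_poll else None,
                "channel_refused": on_poll and refused is not None and alarm <= refused <= ts,
            })
            alarm_set = alarm = refused = None  # state belongs to the old ssh child
    return out

if __name__ == "__main__":
    for r in classify_restarts(SAMPLE_LOG):
        print(r)
```

A restart with `poll_secs` of 600 and `channel_refused` set came from the periodic poll rather than from a network drop; a restart with `poll_secs` of None had no alarm before it in the captured log.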

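Answer 1

In my case, this behavior was caused by two computers connecting at the same time to the server with the same autossh monitoring port (-M). They were very surprised.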

Answer 2

Try changing the following parameter in /etc/ssh/sshd_config on the SSH server and restart the ssh service:

From:

TCPKeepAlive no

To:

TCPKeepAlive yes
