SSH破管,消息认证码不正确

SSH破管,消息认证码不正确

我已经设置了一个 Ubuntu 服务器,我计划用它来备份我的 MacBook Air rsync。但每次我使用rsync,甚至scp,连接都会断开,并出现以下错误之一:

packet_write_wait: Connection to 192.168.1.202: Broken pipe
packet_write_poll: Connection to 192.168.1.202: Broken pipe
packet_write_poll: Connection to 192.168.1.202: Protocol wrong type for socket

现在我搜索了类似的其他问题,通常人们会遇到会话超时的长备份问题。对我来说,这总是在开始文件传输后 10 秒内发生。我使用 scp 和 rsync 遇到同样的错误。我猜这可能是由于网络连接错误造成的,但我很难相信我与同一 LAN 上的服务器的连接如此不稳定。有人有主意吗?

我使用过的导致错误的命令示例:

scp -r /Users/Matt/Documents [email protected]:/media/matt/MattsBackups/

/usr/local/bin/rsync -av -e ssh /Users/Matt/Documents [email protected]:/media/matt/MattsBackups/

我今天做了一些更多的测试,奇怪的是它在我的 LAN 外部工作得相当可靠。所以我从我的家庭网络中再次尝试,但仍然不起作用。

跑步

grep 'sshd' /var/log/auth.log

在服务器上显示以下错误

fatal: ssh_dispatch_run_fatal: Connection from <My IP> port 49870: message authentication code incorrect

有关我的设置的一些更详细的信息:

Macbook Air OS X 10.11.5
OpenSSH_6.9p1, LibreSSL 2.1.8
rsync  version 3.1.2  protocol version 31

Ubuntu Server
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips  1 Mar 2016

我确实注意到 ssh 版本的差异,但我希望这不会成为问题。我可以尝试使用自制程序安装更新版本。

更新:

好的,我刚刚用 homebrew 更新了 ssh

OpenSSH_7.2p2, OpenSSL 1.0.2g  1 Mar 2016

这似乎与 Ubuntu 盒子上使用的版本相同。但是,当我运行该命令时,Rsync 仍然会导致错误。这是我使用 ssh -v 标志尝试的命令:

/usr/local/bin/rsync -a -e '/usr/local/bin/ssh -v -c aes128-ctr -m hmac-sha1' /Users/Matt/Documents [email protected]:/media/matt/MattsBackups/

输出是:

OpenSSH_7.2p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Connecting to 192.168.1.202 [192.168.1.202] port 22.
debug1: Connection established.
debug1: identity file /Users/Matt/.ssh/id_rsa type 1 
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Matt/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.202:22 as 'matt'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+zkrXNJENs5EobFwHa8wpMDe6zPDfj975qLcPp4b4sg
debug1: Host '192.168.1.202' is known and matches the ECDSA host key.
debug1: Found key in /Users/Matt/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Matt/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.202 ([192.168.1.202]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending command: rsync --server -logDtpre.iLsfxC . /media/matt/MattsBackups/MacAir/
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to 192.168.1.202 closed by remote host.
Transferred: sent 145304, received 13032 bytes, in 0.1 seconds
Bytes per second: sent 1373019.8, received 123143.2
debug1: Exit status -1
rsync: [sender] write error: Broken pipe (32)
rsync error: error in socket IO (code 10) at io.c(820) [sender=3.1.2]

答案1

作为最后的手段,我从 Windows 98 PC 上找到了一块旧的 10/100 以太网卡,并将其安装在服务器中。配置完成后,我没有再出现任何错误,超过大约 30 GB 的数据。我猜想内置的以太网芯片组在 ubuntu 上不能很好地工作。或者我以某种方式错误地配置了它。

编辑:虽然我从未找到问题的根本原因,但请务必查看@sourcejedi 的答案下的评论线程。非常感谢@sourcejedi、@sneep 和@dentarg。

答案2

这可能是您的 SSH 中的错误。随着时间的推移,这样的例子已经有好几个了。 (您绝对应该发布两端使用的确切版本)。

http://www.alcateluunleashed.com/viewtopic.php?t=25294

我无法弄清楚为什么远程网络路径会更可靠,或者有任何解决此问题的建议。不过,这可能是由有问题的网络盒引起的......

http://community.ubnt.com/t5/EdgeMAX/clone-from-gitlab-com-through-ER-ssh-dispatch-run-fatal-message/td-p/1448285

如果你的 Ubuntu 服务器是最近安装的并且安装了所有可用的更新,我会对 Mac 客户端上的软件更加怀疑,因为它很旧并且受到类似错误的影响。

你可以测试不同的MAC等。例如

scp -o MACs=hmac-md5

注意 hmac-md5 并不像 md5 那样被视为弱(在 ssh 上下文中)(例如,在 HTTPS 证书上下文中)。我预计它主要比eg慢[email protected]。但是,-etm如果可以的话,最好使用模式。

这些链接表明您可以更喜欢旧的选项

MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160

并且它会避免某些错误。一旦找到您满意的内容,您就可以在 中对其进行配置/etc/ssh_config

Cipher也可能是问题所在。如果您使用 aes-gcm 例如[email protected],也许根本没有单独的 MAC。因此,您至少需要ssh通过添加-v命令并查找其实际使用的 MAC 来 确定正在执行的操作。

答案3

我在 Mac OSX 上也遇到了同样的问题。我的大部分 ssh/scp 会话都无法工作,尤其是对于大文件。结果我手动设置了网络接口,但它不喜欢它。我将其改回自动配置,一切又开始工作。

System preferences > Network > Ethernet > Advanced > Hardware > Configure: set dropdown to automatic

答案4

https://github.com/PowerShell/Win32-OpenSSH/issues/2078#issuecomment-1928004585..最新发生的情况

尝试:

~/.ssh/config

host *
    kexalgorithms [email protected],curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512
    ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
    macs [email protected],[email protected],[email protected]
    hostkeyalgorithms [email protected],ssh-ed25519

相关内容