
Ubuntu cannot SSH to a remote server

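1 Problem

In an OpenStack environment, a virtual machine was created and assigned the floating IP 192.168.50.61. However, it was not possible to SSH to the virtual machine from the Ubuntu 14.04 server 192.168.50.5: SSH [email protected] produced no response and no error, even though the peer could be pinged and telnet to its port 22 also connected.

Running ssh -vv to see where it gets stuck shows the following: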

[email protected]:~# ssh -vv [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.50.61 [192.168.50.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
...
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Then it stays stuck there and never proceeds.

2 Solution

The cause turned out to be that the MTU on server 192.168.50.5 was set too large: http://www.snailbook.com/faq/mtu-mismatch.auto.html

Change the network interface MTU to solve it. This is a bug for ubuntu 14.04.
This worked for me:

sudo ip li set mtu 1200 dev wlan0
Or:
sudo ifconfig wlan0 mtu 1200
Reference: https://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal

Check the local machine:

[email protected]:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff

After changing the network interface's MTU, the problem was solved.

[email protected]:~# ip li set mtu 1200 dev p5p1
[email protected]:~# ssh [email protected]
[email protected]'s password: 
[email protected]:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff
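
Rather than picking a value such as 1200 by trial, the usable MTU on the path can be measured. The following is an added example, not part of the original post: a shell function that binary-searches for the largest IPv4 packet that reaches the peer with the DF bit set. It assumes iputils ping (-M do) and that the peer answers ICMP echo, as it does in this case; the names find_path_mtu and probe are introduced here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): measure the largest IPv4
# packet that crosses a path without fragmentation.

# probe PAYLOAD HOST
# Succeeds if one ICMP echo with PAYLOAD data bytes and the DF bit set is
# answered within 1 second. Assumes iputils ping, where "-M do" prohibits
# fragmentation. A silent drop (PMTU black hole) shows up as a timeout.
probe() {
    ping -c 1 -W 1 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]
# Binary search over the total IP packet size between LOW and HIGH.
# ICMP payload = packet size - 28 (20-byte IPv4 header + 8-byte ICMP header).
# Prints the largest size that got through; returns 1 if even LOW fails
# (host down, or ICMP echo filtered).
find_path_mtu() {
    local host=$1 low=${2:-576} high=${3:-1500} mid
    probe $((low - 28)) "$host" || return 1
    while [ "$low" -lt "$high" ]; do
        # Round up so the loop always makes progress when low + 1 == high.
        mid=$(( (low + high + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then
            low=$mid            # mid fits: the answer is mid or larger
        else
            high=$((mid - 1))   # mid is dropped: the answer is smaller
        fi
    done
    echo "$low"
}

# Usage with the addresses and interface from this article:
#   mtu=$(find_path_mtu 192.168.50.61) && echo "path MTU: $mtu"
#   ip link set mtu "$mtu" dev p5p1
```

HIGH should not exceed the local interface MTU, since larger probes are rejected locally and simply count as failures.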

3 Other methods

3.1 echo "1200" > /sys/class/net/eth0/mtu

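Symptom: the hosts can reach each other normally and the peer's SSH port can be confirmed open, but connecting with ssh xxx.xxx.xxx.xxx -v hangs at the step debug1: SSH2_MSG_KEXINIT sent

Fix: echo "1200" > /sys/class/net/eth0/mtu

Cause: for details see http://techbackground.blogspot.com/2013/06/path-mtu-discovery-and-gre.html   In short, the IPv4 header and the GRE header have different structures, so the maximum payload of a GRE packet is only 1454; if the default MTU is 1500, 46 bytes of content cannot be handled, which causes the error.

3.2 Modify /etc/ssh/ssh_config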

In Ubuntu 13.10/12.10, log in and gain sudo access.

Edit /etc/ssh/ssh_config, uncomment the following lines

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160

Add the following line

HostKeyAlgorithms ssh-rsa,ssh-dss

You should end up with your /etc/ssh/ssh_config file looking like this

Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
HostKeyAlgorithms ssh-rsa,ssh-dss

Now run ssh -T -v [email protected] and it will ask you to add the server to your known hosts file. Hit yes, and then it should welcome you to the server.


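3.3 Modify kernel parameters

SSH [email protected] gets no response and no error. The peer can be pinged, and telnet to its port 22 also connects.
From Windows on the LAN, PuTTY can connect to the remote host.
Really strange.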

[email protected]:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent

It stops here with no further response. Fix: modify the kernel parameter
net.ipv4.tcp_rmem = 4096 87380 207520

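4 How to modify kernel parameters

View the current system parameters:

sysctl -a

Manual change (effective immediately, lost after reboot):

[email protected]:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
[email protected]:~$ echo "1" >  /proc/sys/net/ipv4/icmp_echo_ignore_all

Change with a command (effective immediately, lost after reboot):

sysctl -w net.ipv4.icmp_echo_ignore_all=1

(The parameter name is the file path with /proc/sys/ removed and "/" replaced by ".")

Change in the configuration file (not effective immediately, permanent after reboot):

vim /etc/sysctl.conf

Add net.ipv4.icmp_echo_ignore_all=1

To make the change take effect immediately:

sysctl -p

Migrating parameters:

1. Export all settings of the current host: sysctl -a > mysys.conf
2. Copy the file to the other host and run sysctl -p -f mysys.conf
3. If performance differs greatly between the two sets of parameters, compare the two parameter files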