Ubuntu cannot SSH to a remote server
1 Problem
A virtual machine was created in an OpenStack environment and assigned the floating IP 192.168.50.61. However, from the Ubuntu 14.04 server 192.168.50.5 it was not possible to SSH into the virtual machine: SSH [email protected] gave no response and no error, even though the host could be pinged and telnet to its port 22 also worked.
Use ssh -vv to see where it gets stuck. The output is:
[email protected]:~# ssh -vv [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.50.61 [192.168.50.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
...
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
After that it just hangs and nothing more happens.
2 Solution
The cause turned out to be that the MTU on server 192.168.50.5 was set too large: http://www.snailbook.com/faq/mtu-mismatch.auto.html
Change the network interface MTU to solve it. This is a bug for ubuntu 14.04.
This worked for me:
sudo ip li set mtu 1200 dev wlan0
Or:
sudo ifconfig wlan0 mtu 1200
Reference: https://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal
Check the local machine:
[email protected]:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff
After changing the NIC's MTU the problem was solved.
[email protected]:~# ip li set mtu 1200 dev p5p1
[email protected]:~# ssh [email protected]
[email protected]'s password:
[email protected]:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff
3 Other methods
3.1 echo "1200" > /sys/class/net/eth0/mtu
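Symptom: the hosts can reach each other normally and the peer's ssh port can be confirmed open, but connecting with ssh xxx.xxx.xxx.xxx -v hangs at the step debug1: SSH2_MSG_KEXINIT sent
Fix: echo "1200" > /sys/class/net/eth0/mtu
Cause: for details see http://techbackground.blogspot.com/2013/06/path-mtu-discovery-and-gre.html. In short, the IPv4 header and the GRE header differ in structure, so the maximum payload of a GRE packet is only 1454; with the default MTU of 1500, 46 bytes of content cannot be handled, which causes the error.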
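Rather than guessing a value such as 1200, the largest packet the path actually carries can be measured. The following is an added example, not part of the original post: it binary-searches IPv4 packet sizes with ping and the don't-fragment bit set (iputils `-M do`). The function names and the PROBE hook are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented.
# PROBE is a hypothetical hook naming the probe function, so the search logic
# can be exercised offline; by default one ICMP echo with DF set is sent.

probe_ping() {  # $1 = host, $2 = ICMP payload size in bytes
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]
# Binary search over IP packet sizes between LOW and HIGH (default 576..1500).
# Prints the largest size that passes; returns 1 if even LOW does not pass.
find_path_mtu() {
    host=$1
    low=${2:-576}
    high=${3:-1500}
    probe=${PROBE:-probe_ping}
    # 28 = 20-byte IPv4 header + 8-byte ICMP header on top of the payload
    "$probe" "$host" $((low - 28)) || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if "$probe" "$host" $((mid - 28)); then
            low=$mid            # mid fits: search the upper half
        else
            high=$((mid - 1))   # mid is dropped: search the lower half
        fi
    done
    echo "$low"
}

# Usage (needs network access, so it is not run here):
#   mtu=$(find_path_mtu 192.168.50.61) && ip link set mtu "$mtu" dev p5p1
```

If ICMP echo is filtered on the path the probe fails at every size and the function returns 1; that says nothing about the MTU itself.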
3.2 Modify /etc/ssh/ssh_config
In Ubuntu 13.10/12.10, log in and gain sudo access.
Edit /etc/ssh/ssh_config, uncomment the following lines
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
Add the following line
HostKeyAlgorithms ssh-rsa,ssh-dss
You should end up with your /etc/ssh/ssh_config file looking like this
Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
HostKeyAlgorithms ssh-rsa,ssh-dss
Now run ssh -T -v [email protected] and it will ask you to add the server to your known hosts file. Hit yes, and then it should welcome you to the server.
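The lists above re-enable several algorithms that later OpenSSH releases deprecate or disable by default (arcfour, CBC-mode ciphers, hmac-md5, ssh-dss), and under "Host *" they apply to every connection. The following check is an added example, not part of the original page: it reports which active entries in an ssh_config fall into those groups. The function names and the sample config (built from the lines above, with the obfuscated MAC entry left out) are constructed for this example.

```shell
#!/bin/sh
# Added example: flag deprecated algorithms in ssh_config text read on stdin.
# Prints "<line number>: <keyword> <algorithm>" for every weak entry found.
audit_ssh_algos() {
    awk '
    function weak(a) {
        # RC4 ciphers, CBC-mode ciphers (incl. 3des-cbc), MD5 MACs, DSA keys
        return a ~ /^arcfour/ || a ~ /-cbc$/ ||
               a ~ /^hmac-md5/ || a == "ssh-dss"
    }
    /^[ \t]*#/ { next }     # commented-out lines are inactive
    tolower($1) ~ /^(ciphers|macs|hostkeyalgorithms)$/ {
        n = split($2, algos, ",")
        for (i = 1; i <= n; i++)
            if (weak(algos[i])) print NR ": " $1 " " algos[i]
    }'
}

# Constructed sample based on the configuration shown in this section.
sample_config() {
    cat <<'EOF'
Host *
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    MACs hmac-md5,hmac-sha1,hmac-ripemd160
    #   Ciphers arcfour
    HostKeyAlgorithms ssh-rsa,ssh-dss
EOF
}

sample_config | audit_ssh_algos
# Against the real file: audit_ssh_algos < /etc/ssh/ssh_config
```

When such a workaround is unavoidable, placing the lines under a Host block for the one affected server instead of "Host *" keeps the weaker algorithms off all other connections.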
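3.3 Modify kernel parameters
SSH [email protected] gets no response and reports no error. The peer can be pinged, telnet to its port 22 also works, and from Windows on the LAN PuTTY can connect to the remote host.
Really strange.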
[email protected]:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
It stops here with no further response.
Solution: modify the kernel parameter
net.ipv4.tcp_rmem = 4096 87380 207520
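4 How to modify kernel parameters
View the current system parameters
sysctl -a
Manual modification (effective immediately, lost after reboot)
[email protected]:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
[email protected]:~$ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Modification by command (effective immediately, lost after reboot)
sysctl -w net.ipv4.icmp_echo_ignore_all=1 (parameter name = the file path with /proc/sys/ removed and "/" changed to ".")
Modification in the configuration file (not effective immediately, permanent after reboot)
vim /etc/sysctl.conf
Add net.ipv4.icmp_echo_ignore_all=1
Make the change take effect immediately
sysctl -p
Parameter migration
1. Export all settings of the current host
sysctl -a > mysys.conf
2. Copy the file to the other host and run
sysctl -p -f mysys.conf
3. If performance differs greatly between the 2 sets of parameters, compare the 2 parameter files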