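Background
I am at home on a Linux machine and need to connect remotely to a server in my university lab.
Reaching the campus intranet first requires connecting through GlobalProtect.
After that, I log in to the lab server over ssh.
Problem
The campus intranet is reachable: the university information portal opens, and pinging the lab server works. The ssh connection, however, fails,
with the error Connection closed by xxxxx port 22
Locating the problem
Cloning code from the GitLab instance on the lab server over the ssh protocol fails with the same error. Cloning over the http protocol does not fail.
From a Windows virtual machine with its network set to NAT, that is, in the same network environment, ssh from Windows connects to the remote server successfully.
From the information above, the problem can be roughly narrowed down to ssh on Linux. Run the command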
ssh -v <username>@<server ip>
to view the ssh debug information.
The result is as follows:
OpenSSH_7.9p1 Debian-10+deb10u1, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <server ip>[<server ip>] port 22.
debug1: Connection established.
debug1: identity file /home/holly/.ssh/id_rsa type -1
debug1: identity file /home/holly/.ssh/id_rsa-cert type -1
debug1: identity file /home/holly/.ssh/id_dsa type -1
debug1: identity file /home/holly/.ssh/id_dsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ecdsa type -1
debug1: identity file /home/holly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ed25519 type -1
debug1: identity file /home/holly/.ssh/id_ed25519-cert type -1
debug1: identity file /home/holly/.ssh/id_xmss type -1
debug1: identity file /home/holly/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to <server ip>22 as '<user name>'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by <server ip> port 22
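In the output above, <server ip> is the server's IP address and <user name> is the login user name.
As shown, the connection fails at the point where the client is expecting SSH2_MSG_KEX_ECDH_REPLY.
The cause is that the MTU of the local virtual network interface created by the VPN is larger than the MTU configured on the target network. Small packets such as ping fit within the smaller limit, while the larger key-exchange packets do not, which is consistent with the failure appearing at exactly this step.
Trying a smaller MTU on the virtual interface
Use the ifconfig command to view the network information and find the virtual interface. Comparing the ifconfig output with the VPN turned on and off identifies which interface it is.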
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1422
inet 10.38.7.251 netmask 255.255.255.255 destination 10.38.7.251
inet6 fe80::9c73:7564:588f:d95 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 46918 bytes 63984838 (61.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17092 bytes 945172 (923.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
In my case the virtual interface is tun0.
Its MTU is 1422. Change it to a smaller value; here I changed it to 1200.
sudo ifconfig tun0 mtu 1200
After this change, connections over the ssh protocol succeed.
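
Instead of guessing a value such as 1200, the largest MTU the VPN path actually carries can be measured. The script below is an added example, not part of the original post: it binary-searches the largest ICMP payload that reaches the server with the Don't Fragment bit set. It assumes Linux iputils ping, an IPv4 path, a server that answers ping (as it does here), and search bounds taken from the tun0 MTU of 1422 shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: measure the usable MTU toward a host through the VPN tunnel.

# probe SIZE HOST: succeeds if one ICMP echo carrying SIZE payload bytes with
# Don't Fragment set (-M do) gets a reply within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST LOW HIGH: binary search for the largest payload size in
# [LOW, HIGH] that still passes. Prints it, or returns 1 if even LOW fails.
find_max_payload() {
    host=$1 lo=$2 hi=$3
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always advances
        if probe "$mid" "$host"; then
            lo=$mid                       # mid passes: answer is mid or larger
        else
            hi=$(( mid - 1 ))             # mid is dropped: answer is below mid
        fi
    done
    echo "$lo"
}

# payload_to_mtu PAYLOAD: add the 20-byte IPv4 header and 8-byte ICMP header.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Runs only when a host is given, e.g.: sh pmtu.sh <server ip>
if [ -n "${1:-}" ]; then
    # 1394 = 1422 (current tun0 MTU) - 28; 548 = 576 - 28 as a lower bound.
    if payload=$(find_max_payload "$1" 548 1394); then
        echo "usable MTU toward $1: $(payload_to_mtu "$payload")"
    else
        echo "no reply even at MTU 576; ICMP may be filtered on this path" >&2
        exit 1
    fi
fi
```

Any tun0 MTU at or below the printed value keeps the ssh key-exchange packets within what the path carries.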