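1 Problem
In an OpenStack environment, a virtual machine was created and assigned the floating IP 192.168.50.61. However, it could not be reached over ssh from the Ubuntu 14.04 server 192.168.50.5: ssh xxx@ip gave no response and no error, even though the VM answered ping and telnet to its port 22 also connected.
Running ssh -vv to see where it hangs gives the following: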
root@node5:~# ssh -vv ubuntu@192.168.50.61
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.50.61 [192.168.50.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
...
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
2 Solution
The cause turned out to be that the MTU on the 192.168.50.5 server was set too large: http://www.snailbook.com/faq/mtu-mismatch.auto.html
Change the network interface MTU to solve it. This is a bug for ubuntu 14.04.
This worked for me:
sudo ip li set mtu 1200 dev wlan0
Or:
sudo ifconfig wlan0 mtu 1200
Reference:
https://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal
Check the local machine:
root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff
After changing the NIC's MTU, the problem was solved.
root@node5:~# ip li set mtu 1200 dev p5p1
root@node5:~# ssh ubuntu@192.168.50.61
ubuntu@192.168.50.61's password:
root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff
3 Other methods
3.1 echo "1200" > /sys/class/net/eth0/mtu
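Symptom: the hosts can reach each other normally and the peer's ssh port is confirmed to be open, but connecting with ssh xxx.xxx.xxx.xxx -v hangs at the step debug1: SSH2_MSG_KEXINIT sent
Fix: echo "1200" > /sys/class/net/eth0/mtu
Cause: for details see http://techbackground.blogspot.com/2013/06/path-mtu-discovery-and-gre.html. Put simply, the IPv4 header and the GRE header have different structures, so the maximum payload of a GRE packet is only 1454; with the default MTU of 1500, 46 bytes of content cannot be handled, which causes the error.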
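The check below is an added example, not code from the original post or the pages it links to: it binary-searches for the largest IPv4 packet that crosses a path with the DF bit set, and classifies an ssh -v log that stalls in key exchange. PROBE and fake_path_1454 are hypothetical names that let the search run offline; ping_df assumes Linux iputils ping.

```shell
#!/bin/sh
# Added example: measure the usable path MTU before lowering the interface MTU.

# Real probe: one ICMP echo with DF set (Linux iputils ping).
# $1 = host, $2 = total IP packet size. ICMP payload = size - 28
# (20-byte IPv4 header + 8-byte ICMP header).
ping_df() {
    ping -M do -c 1 -W 1 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path that silently drops packets above
# 1454 bytes, the figure quoted above for the GRE case.
fake_path_1454() {
    [ "$2" -le 1454 ]
}

# Binary search between lo (assumed to pass) and hi (the local MTU).
# Prints the largest size that passes, or 0 if even lo fails.
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500} probe=${PROBE:-ping_df}
    "$probe" "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Classify where an `ssh -v` log (read from stdin) stopped. A last debug1
# line of "KEXINIT sent" or "expecting SSH2_MSG_KEX_..." is the stall
# shown in the transcripts on this page.
ssh_stall_stage() {
    last=$(grep '^debug1:' | tail -n 1)
    case $last in
        *"SSH2_MSG_KEXINIT sent"*|*"expecting SSH2_MSG_KEX_"*) echo kex-stall ;;
        *) echo other ;;
    esac
}
```

Against a real host, run find_path_mtu 192.168.50.61 576 1500 and set the interface MTU no higher than the value it prints.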
3.2 Edit /etc/ssh/ssh_config
The solution was found here: SSH works in putty but not terminal
In Ubuntu 13.10/12.10, login and gain sudo access.
Edit /etc/ssh/ssh_config, uncomment the following lines
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
Add the following line
HostKeyAlgorithms ssh-rsa,ssh-dss
You should end up with your /etc/ssh/ssh_config file looking like this
Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
HostKeyAlgorithms ssh-rsa,ssh-dss
Now run ssh -T -v git@github.com and it will ask you to add the server to your known hosts file. Hit yes, and then it should welcome you to the server.
3.3 Modify the kernel parameters
On the LAN, connecting to the remote host from Windows with PuTTY works.
Really strange.
uncoffee@suncoffee:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent
It stops here, with no response.
net.ipv4.tcp_rmem = 4096 87380 207520
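4 How to modify kernel parameters
View the current system parameters: sysctl -a
Manual change (effective immediately, lost after reboot):
joy@joy:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
joy@joy:~$ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Change by command (effective immediately, lost after reboot): sysctl -w net.ipv4.icmp_echo_ignore_all=1 (the parameter name is the file path with /proc/sys/ removed and "/" changed to ".")
Change in the configuration file (not effective immediately, permanent after reboot): vim /etc/sysctl.conf and add net.ipv4.icmp_echo_ignore_all=1
To make the change take effect immediately: sysctl -p
Migrating parameters:
1. Export all settings of the current host: sysctl -a > mysys.conf
2. Copy the file to the other host and run sysctl -p -f mysys.conf
3. If performance differs greatly between the two sets of parameters, compare the two parameter files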