ubuntu无法ssh到远程服务器

1 问题

openstack环境下创建了一个虚拟机,为虚拟机分配了浮动IP: 192.168.50.61。但是从ubuntu14.04服务器192.168.50.5上无法ssh到虚拟机服务器,SSH xxx@ip 就没有反应,也没有报错,可以PING通对方,TELNET对方的22端口也是通的。


使用ssh -vv看卡在哪里,出现错误:

root@node5:~# ssh -vv ubuntu@192.168.50.61
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.50.61 [192.168.50.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
...
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY


然后就一直卡住不动了。

2 方法

查看原因是在192.168.50.5服务器上mtu设置太大:http://www.snailbook.com/faq/mtu-mismatch.auto.html

Change the network interface MTU to solve it. This is a bug for ubuntu 14.04.
This worked for me:

sudo ip li set mtu 1200 dev wlan0
Or:
sudo ifconfig wlan0 mtu 1200
参考: https://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal

查看本机:

root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff

修改网卡mtu后问题解决。

root@node5:~# ip li set mtu 1200 dev p5p1
root@node5:~# ssh ubuntu@192.168.50.61
ubuntu@192.168.50.61's password: 
root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff


3 其它方法

3.1 echo "1200" > /sys/class/net/eth0/mtu

现象:主机间互通正常且可以判断对方ssh端口是开放的,但是用ssh xxx.xxx.xxx.xxx -v这种方式连接的时候会卡在debug1: SSH2_MSG_KEXINIT sent这步

解决方法:echo "1200" > /sys/class/net/eth0/mtu

原因:详情参考http://techbackground.blogspot.com/2013/06/path-mtu-discovery-and-gre.html   简单解释就是IPV4报头与GRE报头结构不同,导致GRE数据包最大内容载荷只有1454,默认mtu如果是1500的话,就会有46字节的内容无法处理导致错误


3.2 修改/etc/ssh/ssh_config

The solution was found here: SSH works in putty but not terminal

in Ubuntu 13.10/12.10, login and gain sudo access.

Edit /etc/ssh/ssh_config, uncomment the following lines

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Add the following line

HostKeyAlgorithms ssh-rsa,ssh-dss

You should end up with your /etc/ssh/ssh_config file looking like this

Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
HostKeyAlgorithms ssh-rsa,ssh-dss

Now run ssh -T -v git@github.com and it will ask you to add the server to your known hosts file. Hit yes, and then it should welcome you to the server.


3.3 修改内核

SSH xxx@ip 就没有反应了,也没有报错
可以PING通对方,TELNET对方的22端口也是通到
局域网里到WINDOWS使用PUTTY是可以链接到远程主机到
真是奇怪呀

uncoffee@suncoffee:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent

到这里就停了,没有反应了

解决办法:修改内核参数
net.ipv4.tcp_rmem = 4096 87380 207520

4 如何修改内核

查看当前系统参数sysctl -a
手动修改(
当前有效,重启后无效)joy@joy:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all0joy@joy:~$ echo "1" >  /proc/sys/net/ipv4/icmp_echo_ignore_all
命令修改(当前有效,重启后无效sysctl -w net.ipv4.icmp_echo_ignore_all=1   (参数名与=文件路径去掉/proc/sys/,且""改成".")
配置文件中修改(当前无效,重启永久生效)vim /etc/sysctl.conf添加net.ipv4.icmp_echo_ignore_all=1
让其修改后立刻生效 sysctl -p
参数迁移1、当初当前主机所有配置sysctl -a > mysys.conf
2、拷贝到其他主机并执行sysctl -p -f mysys.conf
3、如果使用2套参数文件后性能大不相同,可对比2个参数文件









评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值