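Linux server SFTP connection times out: sftp fails to connect to the server

A real-world example from work:

When using the XShell tool on Windows, one particular server gave no response for a long time.

SSH login to the same server, however, still worked normally.

Switching to the sftp command on Linux for the connection produced an error message: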

[root@TS-3-206 ~]# sftp -o Port=5555 root@192.168.18.15:/usr/local/gdns/

Connecting to 192.168.18.15...

root@192.168.18.15's password:

Received message too long 1131376761

The cause is that the .bashrc on the server contains a statement that writes to standard output:

[root@pb6a817b5 etc]# cat ~/.bashrc

# .bashrc

# User specific aliases and functions

alias rm='rm -i'

alias cp='cp -i'

alias mv='mv -i'

# Source global definitions

if [ -f /etc/bashrc ]; then

. /etc/bashrc

fi

source /opt/intel/vtune_amplifier_xe_2013/amplxe-vars.sh

The last script prints:

Copyright (C) 2009-2014 Intel Corporation. All rights reserved.

Intel(R) VTune(TM) Amplifier XE 2013 (build 353306)

This output has to be suppressed, so the line is changed to:

source /opt/intel/vtune_amplifier_xe_2013/amplxe-vars.sh 1>/dev/null 2>&1

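According to the SFTP documentation, the first 4 bytes of the output, "Copy", are concatenated by their ASCII values and interpreted as a 32-bit integer: 436F7079 in hexadecimal, which is 1131376761 in decimal. In the transfer protocol this value is read as the packet length field, so it is a very large number and the connection fails.

The relevant FAQ is attached below: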

SSH Frequently Asked Questions

When I try to use sftp or scp2, I get a message like this:

Received message too long (or "Bad packet length") 1416586337

and the connection fails. What's wrong?

sftp and scp2 both actually work by running ssh in a subprocess, to connect to the remote host and run the file-transfer server (usually named sftp-server). For instance, the command sftp server might result in the following command being run (OpenSSH):

ssh server -s -oForwardX11=no -oForwardAgent=no -oProtocol=2 sftp

scp2/sftp and sftp-server use a special file-transfer protocol, which they speak over this SSH session. The protocol is in fact based on the same packet protocol used by SSH.

In order for this to work, the SSH session must be "clean" — that is, it must have on it only information transmitted by the programs at either end. What often happens, though, is that there are statements in either the system or per-user shell startup files on the server (.bashrc, .profile, /etc/csh.cshrc, .login, etc.) which output text messages on login, intended to be read by humans (like fortune, echo "Hi there!", etc.). Such code should only produce output on interactive logins, when there is a tty attached to standard input. If it does not make this test, it will insert these text messages where they don't belong: in this case, polluting the protocol stream between scp2/sftp and sftp-server. The first four bytes of the text get interpreted as a 32-bit packet length, which will usually be a wildly large number, provoking the error message above. Notice that:

1416586337 decimal = 546F6461 hex = "Toda" ASCII

suggesting a string beginning "Today..." (or maybe "Thank-you" in transliterated Hebrew).

The reason the shell startup files are relevant at all, is that sshd employs the user's shell when starting any programs on the user's behalf (using e.g. /bin/sh -c "command"). This is a Unix tradition, and has advantages:

The user's usual setup (command aliases, environment variables, umask, etc.) are in effect when remote commands are run.

The common practice of setting an account's shell to /bin/false to disable it will prevent the owner from running any commands, should authentication still accidentally succeed for some reason.

There has been a lot of argument about whether this is the right behavior, since having sshd instead exec sftp-server directly, without the shell, would avoid this frequent problem. I personally feel that using the shell is the right thing to do: having startup files that emit text messages when there is no user to read them is just a mistake. SSH2 has a Boolean configuration statement AllowCshrcSourcingWithSubsystems, set false by default, which causes sshd2 to pass the -f flag to the shell when running subsystem programs (sftp-server is run as an SSH-2 "subsystem"). With most shells, -f causes the shell to omit the normal startup file processing. This prevents the corruption problem, but introduces other difficulties. With file transfers, the umask setting is important, and people are confused when they find that the umask they set in their ~/.login file works with random remote commands (e.g. ssh server touch foo), but is mysteriously ignored when using scp2/sftp.
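The decoding described in the post ("Copy") and in the FAQ ("Toda") can be scripted. The following is an added example, not code from the original post or the FAQ; the function names decode_sftp_length, stray_output_length and check_host are hypothetical, and check_host assumes that running the no-op command true over ssh passes through the same startup files as sftp.

```sh
#!/bin/sh
# Added example: diagnose "Received message too long N" from sftp.

# Turn the reported number back into the 4 bytes that were misread as the
# big-endian uint32 packet length. Non-printable bytes are shown as \xNN.
decode_sftp_length() {
    n=$1; out=
    for s in 24 16 8 0; do
        b=$(( (n >> s) & 255 ))
        if [ "$b" -ge 33 ] && [ "$b" -le 126 ]; then
            out="$out$(printf '%b' "\\0$(printf '%03o' "$b")")"
        else
            out="$out$(printf '\\x%02X' "$b")"
        fi
    done
    printf '%s\n' "$out"
}

# Read stray session output on stdin and print the "length" the sftp client
# would compute from its first 4 bytes. Fails if fewer than 4 bytes arrive.
stray_output_length() {
    set -- $(od -An -tu1 -N4)      # first 4 bytes as unsigned decimals
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Run a no-op command non-interactively; a clean session prints nothing.
# Arguments are passed to ssh, e.g.: check_host -p 5555 root@192.168.18.15
check_host() {
    stray=$(ssh "$@" true 2>/dev/null | stray_output_length) || {
        echo "fewer than 4 bytes of stray output: session looks clean"
        return 0
    }
    echo "startup files print text; sftp would report $stray" \
         "($(decode_sftp_length "$stray"))"
    return 1
}

# Constructed demo input: the banner text quoted in the post.
printf 'Copyright (C) 2009-2014 Intel Corporation.\n' | stray_output_length
decode_sftp_length 1416586337
```

Once the decoded four characters are known, grep the server's startup files (.bashrc, .profile, /etc/bashrc and the scripts they source) for text beginning with them.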
