ubuntu – ssh客户端问题:由peer重置连接

前端之家收集整理的这篇文章主要介绍了ubuntu – ssh客户端问题:由peer重置连接前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我的Ubuntu笔记本电脑上有一个非常烦人的问题.

升级到Ubuntu 11.04后,我今天注意到了它,虽然我不完全确定这是因为我几天前用ssh键玩了.

问题是,每当我尝试ssh到任何主机时,我都会收到以下错误

Read from socket Failed: Connection reset by peer

使用-vvv运行时会提供以下输出

OpenSSH_5.8p1 Debian-1ubuntu3,OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostname [10.0.0.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 1.99,remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "hostname" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
Read from socket Failed: Connection reset by peer

我的/ etc / ssh / ssh_config:

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no

我可以通过ssh从任何其他服务器连接到我的笔记本电脑,我也可以成功从我的笔记本电脑ssh localhost.

我可以从其他笔记本电脑连接到所有这些其他服务器,我没有看到其他服务器的日志中有关我失败的尝试.

我试图阻止iptables,没有帮助.

我尝试了几个我可以用/ etc / ssh / ssh_config在网上找到的技巧,但是我没有成功解决这个问题……

有任何想法吗?

编辑:
这是我尝试连接的其中一个主机的日志:

May  1 19:15:23 localhost sshd[2845]: debug1: Forked child 2847.
May  1 19:15:23 localhost sshd[2845]: debug3: send_rexec_state: entering fd = 8 config len 577
May  1 19:15:23 localhost sshd[2845]: debug3: ssh_msg_send: type 0
May  1 19:15:23 localhost sshd[2845]: debug3: send_rexec_state: done
May  1 19:15:23 localhost sshd[2847]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
May  1 19:15:23 localhost sshd[2847]: debug1: inetd sockets after dupping: 3,3
May  1 19:15:23 localhost sshd[2847]: Connection from 10.0.0.7 port 55747
May  1 19:15:23 localhost sshd[2847]: debug1: Client protocol version 2.0; client software version OpenSSH_5.8p1 Debian-1ubuntu3
May  1 19:15:23 localhost sshd[2847]: debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
May  1 19:15:23 localhost sshd[2847]: debug1: Enabling compatibility mode for protocol 2.0
May  1 19:15:23 localhost sshd[2847]: debug1: Local version string SSH-2.0-OpenSSH_5.3
May  1 19:15:23 localhost sshd[2847]: debug2: fd 3 setting O_NONBLOCK
May  1 19:15:23 localhost sshd[2847]: debug2: Network child is on pid 2848
May  1 19:15:23 localhost sshd[2847]: debug3: preauth child monitor started
May  1 19:15:23 localhost sshd[2847]: debug3: mm_request_receive entering
May  1 19:15:23 localhost sshd[2848]: debug3: privsep user:group 74:74
May  1 19:15:23 localhost sshd[2848]: debug1: permanently_set_uid: 74/74
May  1 19:15:23 localhost sshd[2848]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
May  1 19:15:23 localhost sshd[2848]: debug1: SSH2_MSG_KEXINIT sent
May  1 19:15:23 localhost sshd[2848]: debug3: Wrote 784 bytes for a total of 805
May  1 19:15:23 localhost sshd[2848]: fatal: Read from socket Failed: Connection reset by peer
这在openssh中是一个难以调试的,它似乎只发生在特定客户端到特定服务器上.

>原因?
我没有找到根本原因.我最好的发现是连接数据包太大,服务器无法处理,连接被重置.
>解决方法:限制数据包大小.两种选择:

>在ssh命令行中使用’-c’限制密码列表长度,例如’-c aes256-ctr’
>通过添加到〜/ .ssh / config来限制HostKeyAlgorithms列表:

HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss

>网址:

> Ubuntu bug:https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493
>我在openssh-unix-dev列表中的帖子:http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-February/029361.html

>受影响的版本:AFAIK以5.7p1开头.降级到5.5p1解决了这个问题.但是,在没有此问题的机器上,5.7p1,5.8p1可以正常工作.因此,我的假设是它与在5.7p1上添加到第三方库的无辜库调用有关,该调用仅在某些环境中被破坏.一个疯狂的错误的疯狂假设.

猜你在找的Ubuntu相关文章