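Ubuntu cannot SSH to a remote server

1 Problem

In an OpenStack environment I created a virtual machine and assigned it the floating IP 192.168.50.61. However, from the Ubuntu 14.04 server 192.168.50.5 I could not ssh to the virtual machine: ssh xxx@ip gave no response and no error, although the VM answered ping and telnet to its port 22 also connected.


Running ssh -vv to see where it hangs shows the following: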

root@node5:~# ssh -vv [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.50.61 [192.168.50.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
...
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY


After that it hangs indefinitely.

2 Solution

The cause turned out to be that the MTU on the server 192.168.50.5 is set too large: http://www.snailbook.com/faq/mtu-mismatch.auto.html

Change the network interface MTU to solve it. This is a bug for ubuntu 14.04.
This worked for me:

sudo ip li set mtu 1200 dev wlan0
Or:
sudo ifconfig wlan0 mtu 1200
Reference: https://superuser.com/questions/568891/ssh-works-in-putty-but-not-terminal

Check the local machine:

root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff

After changing the MTU of the network interface, the problem was solved.

root@node5:~# ip li set mtu 1200 dev p5p1
root@node5:~# ssh [email protected]
[email protected]'s password: 
root@node5:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:0b:a8:9b brd ff:ff:ff:ff:ff:ff


3 Other methods

3.1 echo "1200" > /sys/class/net/eth0/mtu

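Symptom: the hosts can reach each other normally and the peer's ssh port can be confirmed to be open, but connecting with ssh xxx.xxx.xxx.xxx -v hangs at the step debug1: SSH2_MSG_KEXINIT sent

Fix: echo "1200" > /sys/class/net/eth0/mtu

Cause: for details see http://techbackground.blogspot.com/2013/06/path-mtu-discovery-and-gre.html   Put simply, the IPv4 header and the GRE header have different structures, so a GRE packet can carry a maximum payload of only 1454 bytes; if the default MTU is 1500, 46 bytes of content cannot be handled, which causes the error.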
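The path MTU can be measured instead of guessing a value such as 1200. The following is an added example, not part of the original post: it binary-searches for the largest packet that crosses the path with Don't Fragment set. The function names are hypothetical, ping_probe assumes the Linux iputils ping, and fake_gre_probe is a constructed stand-in for a path limited to the 1454 bytes mentioned above.

```shell
#!/bin/sh
# Added example. Sizes are total IPv4 packet sizes in bytes.

# Real probe (assumes Linux iputils ping): -M do sets Don't Fragment, and
# -s takes the ICMP payload, i.e. packet size minus 20 (IP) and 8 (ICMP).
ping_probe() {
    ping -c 1 -W 1 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a tunnelled path that passes at most 1454 bytes,
# so the search can be exercised offline.
fake_gre_probe() {
    [ "$2" -le 1454 ]
}

# find_path_mtu PROBE HOST [LOW] [HIGH]
# Binary search for the largest size PROBE reports as deliverable.
# Prints the size; prints 0 and returns 1 if even LOW fails.
find_path_mtu() {
    probe=$1; host=$2; lo=${3:-576}; hi=${4:-1500}
    if ! "$probe" "$host" "$lo"; then
        echo 0
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))  # mid is dropped: the answer is smaller
        fi
    done
    echo "$lo"
}

# Usage: sh pmtu.sh HOST   (prints the largest size that crosses the path)
if [ "$#" -ge 1 ]; then
    find_path_mtu ping_probe "$1"
fi
```

A result below the interface MTU shown by ip l means full-size packets, such as the key exchange messages, are being dropped on the way, while the small packets of ping and telnet still get through.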


3.2 Edit /etc/ssh/ssh_config

The solution was found here: SSH works in putty but not terminal

In Ubuntu 13.10/12.10, log in and gain sudo access.

Edit /etc/ssh/ssh_config, uncomment the following lines

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160

Add the following line

HostKeyAlgorithms ssh-rsa,ssh-dss

You should end up with your /etc/ssh/ssh_config file looking like this

Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
HostKeyAlgorithms ssh-rsa,ssh-dss

Now run ssh -T -v [email protected] and it will ask you to add the server to your known hosts file. Hit yes, and then it should welcome you to the server.
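The lists above re-enable arcfour, 3des-cbc, hmac-md5 and ssh-dss, which later OpenSSH releases disabled by default, and because they sit under Host * they apply to every connection. The following is an added example, not part of the quoted answer: it lists such entries in a client configuration so they can be confined to a single Host block. The function names, the LEGACY list and the sample file are assumptions of this example, and only the "keyword value" form without "=" is parsed.

```shell
#!/bin/sh
# Added example. Algorithms treated as legacy here (assumption of this example).
LEGACY="arcfour arcfour128 arcfour256 3des-cbc hmac-md5 ssh-dss"

# audit_ssh_config FILE
# Prints one "Keyword:algorithm" line per legacy entry found in FILE.
audit_ssh_config() {
    awk -v legacy="$LEGACY" '
        BEGIN { n = split(legacy, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ { next }    # commented-out options are not active
        tolower($1) ~ /^(ciphers|macs|hostkeyalgorithms)$/ {
            m = split($2, alg, ",")
            for (i = 1; i <= m; i++)
                if (alg[i] in bad) print $1 ":" alg[i]
        }' "$1"
}

# write_sample FILE
# Constructed sample modelled on the configuration shown above.
write_sample() {
    cat > "$1" <<'EOF'
Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,hmac-ripemd160
# HostKeyAlgorithms ssh-dss
HostKeyAlgorithms ssh-rsa,ssh-dss
EOF
}

# Usage: sh audit.sh /etc/ssh/ssh_config
if [ "$#" -ge 1 ]; then
    audit_ssh_config "$1"
fi
```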


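3.3 Change kernel parameters

ssh xxx@ip gives no response and no error.
The peer answers ping, and telnet to its port 22 also connects.
From Windows on the LAN, PuTTY can connect to the remote host.
Really strange.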

uncoffee@suncoffee:~$ ssh -v IP
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: identity file /home/suncoffee/.ssh/id_rsa type -1
debug1: identity file /home/suncoffee/.ssh/id_rsa-cert type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa type -1
debug1: identity file /home/suncoffee/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug1: SSH2_MSG_KEXINIT sent

It stops here with no further response.

Fix: change the kernel parameter
net.ipv4.tcp_rmem = 4096 87380 207520

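4 How to change kernel parameters

Show the current system parameters: sysctl -a

Change manually (effective now, lost after a reboot):
joy@joy:~$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
joy@joy:~$ echo "1" >  /proc/sys/net/ipv4/icmp_echo_ignore_all

Change with a command (effective now, lost after a reboot): sysctl -w net.ipv4.icmp_echo_ignore_all=1   (the parameter name is the file path with /proc/sys/ removed and "/" replaced by ".")

Change in the configuration file (not effective now, permanent after a reboot): vim /etc/sysctl.conf and add net.ipv4.icmp_echo_ignore_all=1

To make the change take effect immediately: sysctl -p

Migrating parameters:
1. Export all settings of the current host: sysctl -a > mysys.conf
2. Copy the file to the other host and run sysctl -p -f mysys.conf
3. If performance differs greatly between the two sets of parameters, compare the two parameter files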








