linux通過ssh連接學校內網遠程服務器時連接失敗

背景

人在家裏，電腦爲linux系統，需要遠程連接學校實驗室的服務器。
要連接學校內網，首先要通過globalprotect連接學校內網
然後通過ssh登錄實驗室的服務器。

問題

學校內網已經打通，可以打開學校信息門戶，同時ping實驗室服務器也可以ping通，但是ssh連接卻不成功，
報錯顯示Connection closed by xxxxx port 22

問題定位

通過ssh協議去clone 實驗室服務器上gitlab的代碼也會報同樣的錯誤。若使用http協議clone代碼卻不會報錯。
使用虛擬機中的windows， 網絡設置爲NAT，即同樣的網絡環境，可以成功通過windows中的ssh連接遠程服務器。

由於前面的信息，可以大致推斷出問題出在linux中的ssh，通過命令

ssh -v <username>@<server ip>

查看ssh的debug信息
得到如下結果

OpenSSH_7.9p1 Debian-10+deb10u1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <server ip>[<server ip>] port 22.
debug1: Connection established.
debug1: identity file /home/holly/.ssh/id_rsa type -1
debug1: identity file /home/holly/.ssh/id_rsa-cert type -1
debug1: identity file /home/holly/.ssh/id_dsa type -1
debug1: identity file /home/holly/.ssh/id_dsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ecdsa type -1
debug1: identity file /home/holly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ed25519 type -1
debug1: identity file /home/holly/.ssh/id_ed25519-cert type -1
debug1: identity file /home/holly/.ssh/id_xmss type -1
debug1: identity file /home/holly/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to <server ip>22 as '<user name>'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

Connection closed by <server ip> port 22

以上內容中，<server ip>爲服務器ip， <user name>爲用戶登錄名
可以看到，在執行到 expecting SSH2_MSG_KEX_ECDH_REPLY時出現了問題
出問題的原因是，本地開啓vpn的虛擬網卡MTU 比 目標網絡設置的MTU大

嘗試修改虛擬網卡MTU

使用ifconfig命令查看網絡信息，找到虛擬網卡，可以通過開啓和關閉vpn查看ifcongig變化來定位虛擬網卡

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1422
        inet 10.38.7.251  netmask 255.255.255.255  destination 10.38.7.251
        inet6 fe80::9c73:7564:588f:d95  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 46918  bytes 63984838 (61.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17092  bytes 945172 (923.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

我這裏虛擬網卡爲tun0
它的MTU是1422， 修改其爲較小值，我這裏修改爲1200

sudo ifconfig tun0 mtu 1200

修改之後再去使用ssh協議就可以成功了。

參考list：
https://www.cnblogs.com/starof/p/4709805.html
https://blog.csdn.net/wang_zhenwei/article/details/88876992