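Background
I am at home on a Linux machine and need to connect remotely to a server in my university lab.
To reach the campus intranet, I first have to connect through GlobalProtect,
and then log in to the lab server over ssh.
Problem
The campus intranet is reachable: I can open the university information portal, and pinging the lab server works, but the ssh connection fails.
The error shown is: Connection closed by xxxxx port 22
Locating the problem
Cloning code from the GitLab instance on the lab server over the ssh protocol fails with the same error, while cloning over http works.
From Windows in a virtual machine with its network set to NAT, that is, in the same network environment, ssh connects to the remote server successfully.
From this it is reasonable to infer that the problem lies with ssh on Linux. Run
ssh -v <username>@<server ip>
to see ssh's debug output.
The result is as follows: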
OpenSSH_7.9p1 Debian-10+deb10u1, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <server ip>[<server ip>] port 22.
debug1: Connection established.
debug1: identity file /home/holly/.ssh/id_rsa type -1
debug1: identity file /home/holly/.ssh/id_rsa-cert type -1
debug1: identity file /home/holly/.ssh/id_dsa type -1
debug1: identity file /home/holly/.ssh/id_dsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ecdsa type -1
debug1: identity file /home/holly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/holly/.ssh/id_ed25519 type -1
debug1: identity file /home/holly/.ssh/id_ed25519-cert type -1
debug1: identity file /home/holly/.ssh/id_xmss type -1
debug1: identity file /home/holly/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to <server ip>22 as '<user name>'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by <server ip> port 22
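In the output above, <server ip> is the server's IP address and <user name> is the login user name.
As you can see, the connection fails at the point where the client is expecting SSH2_MSG_KEX_ECDH_REPLY.
The cause is that the MTU of the local virtual interface created by the VPN is larger than the MTU configured on the target network. Small packets such as ping fit within the smaller MTU, but the larger key-exchange packets do not get through.
Try changing the MTU of the virtual interface
Use the ifconfig command to view the network interfaces and find the virtual one. You can identify it by turning the VPN on and off and watching how the ifconfig output changes.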
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1422
inet 10.38.7.251 netmask 255.255.255.255 destination 10.38.7.251
inet6 fe80::9c73:7564:588f:d95 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 46918 bytes 63984838 (61.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17092 bytes 945172 (923.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
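In my case the virtual interface is tun0.
Its MTU is 1422. Change it to a smaller value; I set it to 1200:
sudo ifconfig tun0 mtu 1200
After this change, connections over the ssh protocol succeed.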
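Instead of picking a value such as 1200 by hand, the largest packet size the VPN path actually carries can be measured. The script below is an added example, not part of the original post: it binary-searches with don't-fragment pings, and it assumes Linux iputils ping and that ICMP echo reaches the server (ping works in this setup); the function names `probe` and `find_path_mtu` are hypothetical.

```bash
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses the path unfragmented.

# probe HOST SIZE: succeeds if an IP packet of SIZE bytes with DF set gets a reply.
# ICMP payload = SIZE - 28 (20-byte IPv4 header + 8-byte ICMP header).
probe() {
    ping -c 1 -W 1 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: prints the largest working size in [LOW, HIGH].
# Returns 1 if even LOW gets no reply (host down or ICMP filtered).
find_path_mtu() {
    local host=$1 lo=${2:-576} hi=${3:-1500} mid
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always makes progress
        if probe "$host" "$mid"; then
            lo=$mid                        # mid passes: answer is mid or larger
        else
            hi=$(( mid - 1 ))              # mid is dropped: answer is smaller
        fi
    done
    echo "$lo"
}

# Runs only when a host is given: sh pmtu.sh <server ip> [current tunnel MTU]
if [ "$#" -ge 1 ]; then
    if mtu=$(find_path_mtu "$1" 576 "${2:-1500}"); then
        echo "largest unfragmented packet to $1: $mtu bytes"
        echo "apply with: sudo ifconfig tun0 mtu $mtu"
    else
        echo "no reply from $1 even at 576 bytes" >&2
        exit 1
    fi
fi
```

Pass the tunnel's current MTU (1422 here) as the upper bound. Linux removes IPv6 from an interface whose MTU is set below 1280, so a measured value at or above that is preferable to an arbitrarily small one.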