Why did my reverse SSH tunnels suddenly die?

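I have had persistent tunnels from all of my client machines to my server for a while now. I haven't updated my server or changed any configuration files, as far as I know, in months. All of a sudden, all of my client machines (each one uses a different port) stopped working.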

I use RSA keys. I have regenerated them several times on each machine.

I have a script, run by a cron job, that runs the following command when "[email protected]" is not found in the output of "ps aux":

    ssh -p 2222 -g -T -N -x -f -R 2223:localhost:22 [email protected]

When I run this command manually with -vvv, I can ssh into the server and then ssh to the forwarded port (ssh localhost -p 2223) just fine. After five minutes, it just hangs. Using -vvv on the server, I get the following output:

    chad@zeus:~$ ssh localhost -p 2223 -vvv
    OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 2223.
    debug1: Connection established.
    debug1: identity file /home/chad/.ssh/identity type -1
    debug3: Not a RSA1 key file /home/chad/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/chad/.ssh/id_rsa type 1
    debug1: identity file /home/chad/.ssh/id_dsa type -1

When I telnet to the port I get:

    chad@zeus:~$ telnet localhost 2223
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

Normally I get output such as "SSH-2.0-OpenSSH_4.3".

On the client, where I start the tunnel (via ssh -p 2222 -g -T -N -x -f -R 2223:localhost:22 [email protected]), I get the following verbose output:

    OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to my.hostname [68.6.214.39] port 2222.
    debug1: Connection established.
    debug1: identity file /home/chad/.ssh/identity type -1
    debug3: Not a RSA1 key file /home/chad/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/chad/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/chad/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2
    debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH_4*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 120/256
    debug2: bits set: 525/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: put_host_port: [68.6.214.39]:2222
    debug3: put_host_port: [my.hostname]:2222
    debug3: check_host_in_hostfile: filename /home/chad/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 3
    debug3: check_host_in_hostfile: filename /home/chad/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 2
    debug1: Host '[my.hostname]:2222' is known and matches the RSA host key.
    debug1: Found key in /home/chad/.ssh/known_hosts:3
    debug2: bits set: 534/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/chad/.ssh/id_rsa (0xb9b96ad0)
    debug2: key: /home/chad/.ssh/identity ((nil))
    debug2: key: /home/chad/.ssh/id_dsa ((nil))
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/chad/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-rsa blen 277
    debug2: input_userauth_pk_ok: fp 14:ff:10:40:31:88:05:bc:46:73:91:ef:58:70:cc:78
    debug3: sign_and_send_pubkey
    debug1: Authentication succeeded (publickey).
    debug1: Remote connections from LOCALHOST:2223 forwarded to local address localhost:22
    debug1: Entering interactive session.
    debug1: remote forward success for: listen 2223, connect localhost:22
    debug1: All remote forwarding requests processed

The permissions on my .ssh directory and files are as follows:

    drwxr-xr-x 2 chad chad 4096 2009-10-15 00:03 .ssh
    -rw-r--r-- 1 chad chad  408 2009-10-15 00:03 authorized_keys
    -rw------- 1 chad chad 1675 2009-10-14 10:09 id_rsa
    -rw-r--r-- 1 chad chad  393 2009-10-14 10:09 id_rsa.pub
    -rw------- 1 chad chad 2210 2009-10-14 11:27 known_hosts

Also, if I "killall ssh" on the client and then telnet to port 2223, I still get a response:

    chad@zeus:~$ telnet localhost 2223
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

I am thoroughly confused. Any ideas why this is happening?

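Has anything changed in the networking setup around the server? I have found that a router or firewall that the traffic passes through may fail to keep the state of a TCP connection when there is no traffic.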

Try adding this to the ssh_config on your server:

    ServerAliveInterval 60

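This will send some data over the ssh connection (it won't interfere with your tunnel) every minute, so that anything that might time out your connection doesn't forget about it. It has the added benefit that, if it gets no response, it will automatically kill your SSH tunnel, which will allow your existing script to reconnect.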
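The symptom in the question (telnet to port 2223 connects but no "SSH-2.0-..." banner arrives) is something a "ps aux" check cannot see, so a watchdog is better off probing the forwarded port itself. The following is an added example, not code from the question or the answer; the function name `probe_ssh_banner` and the state names are assumptions made for illustration, and port 2223 is the forwarded port from the question.

```python
import socket
import sys


def probe_ssh_banner(host, port, timeout=5.0):
    """Classify a forwarded port as ('healthy' | 'stale' | 'down', banner)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("down", "")      # nothing is listening: the tunnel is gone
    data = b""
    with sock:
        try:
            # RFC 4253 allows other lines before the version string, so keep
            # reading until a complete line starting with "SSH-" has arrived.
            while len(data) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break        # peer closed without identifying itself
                data += chunk
                complete = data.split(b"\n")[:-1]
                if any(line.startswith(b"SSH-") for line in complete):
                    break
        except OSError:
            pass                 # timeout or reset while waiting for the banner
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return ("healthy", line.strip().decode("ascii", "replace"))
    # TCP connected but no SSH banner: the listener is still there while the
    # path behind it is dead, which is what the telnet test above shows.
    return ("stale", "")


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 2223
    state, banner = probe_ssh_banner(host, port)
    print(state, banner)
    # A non-zero exit lets a cron wrapper decide to tear down and restart.
    sys.exit(0 if state == "healthy" else 1)
```

Run it on the machine where the forwarded port listens; a "stale" result means the listening side still holds the port even though the tunnel behind it no longer answers.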