[英]ssh from docker container to internet, got stuck and no errors produced
我试图从docker容器SSH到互联网,它只是卡住而没有退出和错误。 因此,我使用“ / usr / sbin / sshd -d -D -p 222”在ssh服务器上运行调试会话,这是来自ssh服务器的日志
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3 Connection from 103.17.54.193 port 45677 on 128.199.127.170 port 222
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: permanently_set_uid: 104/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
然后,我从Docker容器运行ssh客户端“ ssh -v -C -A -X -p 222 root @ server_host”。 这是来自SSH客户端的日志
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 5: Applying options for *
debug1: /root/.ssh/config line 8: Applying options for *
debug1: /root/.ssh/config line 11: Applying options for *
debug1: /root/.ssh/config line 14: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 128.199.127.170 [128.199.127.170] port 222.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
从ssh服务器的日志中,我们可以看到ssh服务器正在寻找SSH2_MSG_KEX_ECDH_INIT,但ssh客户端未发送任何内容。 但是,当我尝试在另一台主机上运行相同的docker映像时,一切都可以正常工作,我可以将docker容器中的ssh切换到同一ssh服务器。 因此,我想这与该主机中的这个特殊的docker服务有关。
这是docker检查docker容器
有人可以告诉我怎么回事吗? 以及如何解决(如果可能)?
从检查来看,您似乎没有针对此主机的适当桥接网络(默认docker网络)。 您的Gateway
和IPAddress
似乎为空。
您应确保以下几点:
[anovil@ubuntu-anovil ~]$ ip addr |grep docker 4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default inet 172.17.0.1/16 scope global docker0 27: veth6c3addd@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default [anovil@ubuntu-anovil ~]$
ifconfig
可以在容器内获得容器的IP。 或者,您也可以使用docker run --net host ......
选项启动容器,以使容器的所有主机接口可用。 这仅用于测试,不建议实际使用。 您可以使用docker network ls
列出可用的网络,然后尝试使用列表中的其他网络(名称)。
希望这会有所帮助,让我们知道如何进行:)
谢谢-Anoop
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.