环境

  • 服务器操作系统:Linux 5.15.0-46-generic #49~20.04.1-Ubuntu SMP 2022 年 8 月 4 日星期四 19:15:44 UTC x86_64 x86_64 x86_64 GNU/Linux
  • 服务器 SSH:OpenSSH_8.2p1 Ubuntu-4ubuntu0.8,OpenSSL 1.1.1f 2020 年 3 月 31 日

描述问题

ping 服务器始终正常并且稳定。

--- ping statistics ---
2607 packets transmitted, 2607 received, 0% packet loss, time 2668547ms
rtt min/avg/max/mdev = 0.056/0.104/0.580/0.027 ms

服务器的负载很低。

但经常无法与服务器建立新的 SSH 连接,持续一分钟到几十分钟。

但之前建立的SSH连接可以正常运行,并且可能使用SSH相关的服务,例如使用sudo命令。

出现该问题的服务器共有 3 台,其中一台出现问题的频率比较高,最长可达十分钟无法访问,另两台出现问题的频率较低,一般为 1 到 3 分钟无法访问。

该问题不定期且频繁地发生。

尝试journalctl -u ssh检查SSH日志,但还没找到原因:

Oct 16 16:15:33 user1-SERVER sshd[1806]: debug1: Forked child 3215566.
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: Set /proc/self/oom_score_adj to 0
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: inetd sockets after dupping: 4, 4
Oct 16 16:15:33 user1-SERVER sshd[3215566]: Connection from 10.8.238.253 port 65243 on 10.9.74.101 port 22 rdomain ""
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.8
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: Remote protocol version 2.0, remote software version libssh_0.9.6
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: no match: libssh_0.9.6
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: permanently_set_uid: 127/65534 [preauth]
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Oct 16 16:15:33 user1-SERVER sshd[3215566]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: rekey out after 4294967296 blocks [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: rekey in after 4294967296 blocks [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: KEX done [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: userauth-request for user user1 service ssh-connection method none [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: attempt 0 failures 0 [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: PAM: initializing for "user1"
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: PAM: setting PAM_RHOST to "10.8.238.253"
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: userauth-request for user user1 service ssh-connection method password [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: attempt 1 failures 0 [preauth]
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: PAM: password authentication accepted for user1
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: do_pam_account: called
Oct 16 16:15:34 user1-SERVER sshd[3215566]: Accepted password for user1 from 10.8.238.253 port 65243 ssh2
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: monitor_child_preauth: user1 has been authenticated by privileged process
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: monitor_read_log: child log fd closed
Oct 16 16:15:34 user1-SERVER sshd[3215566]: debug1: PAM: establishing credentials
Oct 16 16:15:34 user1-SERVER sshd[3215566]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Oct 16 16:17:51 user1-SERVER sshd[1806]: debug1: Forked child 3217034.
Oct 16 16:17:51 user1-SERVER sshd[3217034]: debug1: Set /proc/self/oom_score_adj to 0
Oct 16 16:17:51 user1-SERVER sshd[3217034]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: inetd sockets after dupping: 4, 4
Oct 16 16:18:33 user1-SERVER sshd[3217034]: Connection from 10.8.238.253 port 65396 on 10.9.74.101 port 22 rdomain ""
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.8
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: Remote protocol version 2.0, remote software version libssh_0.9.6
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: no match: libssh_0.9.6
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: permanently_set_uid: 127/65534 [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: Received disconnect from 10.8.238.253 port 65396:11: Bye Bye [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: Disconnected from 10.8.238.253 port 65396 [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: do_cleanup [preauth]
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: monitor_read_log: child log fd closed
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: do_cleanup
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: Killing privsep child 3217204
Oct 16 16:18:33 user1-SERVER sshd[3217034]: debug1: audit_event: unhandled event 12
Oct 16 16:18:33 user1-SERVER sshd[1806]: debug1: main_sigchld_handler: Child exited
Oct 16 16:18:37 user1-SERVER sshd[1806]: debug1: Forked child 3217248.
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: Set /proc/self/oom_score_adj to 0
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: inetd sockets after dupping: 4, 4
Oct 16 16:18:37 user1-SERVER sshd[3217248]: Connection from 10.8.238.253 port 65435 on 10.9.74.101 port 22 rdomain ""
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.8
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: Remote protocol version 2.0, remote software version libssh_0.9.6
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: no match: libssh_0.9.6
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: permanently_set_uid: 127/65534 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: rekey out after 4294967296 blocks [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: rekey in after 4294967296 blocks [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: KEX done [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: userauth-request for user user1 service ssh-connection method none [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: attempt 0 failures 0 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: PAM: initializing for "user1"
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: PAM: setting PAM_RHOST to "10.8.238.253"
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: userauth-request for user user1 service ssh-connection method password [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: attempt 1 failures 0 [preauth]
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: PAM: password authentication accepted for user1
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: do_pam_account: called
Oct 16 16:18:37 user1-SERVER sshd[3217248]: Accepted password for user1 from 10.8.238.253 port 65435 ssh2
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: monitor_child_preauth: user1 has been authenticated by privileged process
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: monitor_read_log: child log fd closed
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: PAM: establishing credentials
Oct 16 16:18:37 user1-SERVER sshd[3217248]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Oct 16 16:18:37 user1-SERVER sshd[3217248]: User child is on pid 3217304
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: session_new: session 0
Oct 16 16:18:37 user1-SERVER sshd[3217248]: debug1: SELinux support disabled

如何找到原因,并解决这个问题?

1

  • 也许您应该使用带有 -vvv 选项的 ssh 来查看它是否有任何问题并将其发布在这里。


    – 

0