我可以通过 ssh 连接到我家的服务器,但我无法通过某些 VPN 或公共(public) wifi(不是全部)进行 ssh。当我输入 ssh -v user@server.domain , 我懂了:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to server.domain [server.ip.address] port 22.
debug1: Connection established.
debug1: identity file /Users/Hung/.ssh/id_rsa type 1
debug1: identity file /Users/Hung/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Hung/.ssh/id_dsa type -1
debug1: identity file /Users/Hung/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
然后,尽可能长时间没有回应。有人可以帮忙吗?以下是正常的:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to server.domain [server.ip.address] port 22.
debug1: Connection established.
debug1: identity file /Users/Hung/.ssh/id_rsa type 1
debug1: identity file /Users/Hung/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Hung/.ssh/id_dsa type -1
debug1: identity file /Users/Hung/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 15:6e:7a:db:35:7c:6a:ba:3e:c0:c1:24:4d:5a:be:a8
debug1: Host 'server.domain' is known and matches the RSA host key.
debug1: Found key in /Users/Hung/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Hung/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to server.domain ([server.ip.address]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
最佳答案
可能是 VPN 链接或 wifi 链接上的 MTU 有问题。您可以尝试降低 VPN 上的 MTU 大小(假设 tap0 是您的 VPN 设备,在 Linux 上):
ifconfig tap0 mtu 1200
Windows 和 Mac 还有其他设置 MTU 的机制,我没有尝试过:
最大传输单元 (MTU) 是您可以通过链路发送的数据包的最大大小。如果您到服务器的链接的 MTU 为 1500,但您将 VPN 配置为使用 1484 的 MTU 运行,则来自服务器的大数据包必须分成两部分以适应 1484 大小的数据包。一些便宜的路由器/防火墙不能正确处理这个问题,只转发第一个数据包。因此,一旦您尝试发送必须碎片化的大东西,只有第一个碎片才能通过。结果,您的客户端将等待第二个片段重新组装整个数据包,直到超时,这将停止您的连接。这可能发生在服务器向您发送一个大数据包的那一刻,例如,在您登录的那一刻,一个大的“欢迎屏幕”。
来源:http://www.snailbook.com/faq/mtu-mismatch.auto.html
关于SSH,连接建立,但卡住,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24052623/