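I'm seeing strange behaviour when using SSH on a particular computer. When I connect over SSH, it works for a few seconds and then "hangs". If I start a new SSH session in verbose mode (ssh -v), it hangs (no shell prompt is shown) and the final output is: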
debug1: client_input_global_request: rtype [email protected] want_reply 0
What is the reason?
Full log:
ssh -v [email protected]
OpenSSH_7.9p1, OpenSSL 1.0.2r 26 Feb 2019
debug1: Reading configuration data /home/chris/.ssh/config
debug1: /home/chris/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 5: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/chris/.ssh/sockets/[email protected]" does not exist
debug1: Connecting to 192.168.0.37 [192.168.0.37] port 22.
debug1: Connection established.
debug1: identity file /home/chris/.ssh/id_rsa type 0
debug1: identity file /home/chris/.ssh/id_rsa-cert type -1
debug1: identity file /home/chris/.ssh/id_dsa type -1
debug1: identity file /home/chris/.ssh/id_dsa-cert type -1
debug1: identity file /home/chris/.ssh/id_ecdsa type -1
debug1: identity file /home/chris/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/chris/.ssh/id_ed25519 type -1
debug1: identity file /home/chris/.ssh/id_ed25519-cert type -1
debug1: identity file /home/chris/.ssh/id_xmss type -1
debug1: identity file /home/chris/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.37:22 as 'chris'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:Q3IPnF5PorgEAJwAF1EBlFrD4XmttrmsSBgVQKvgaUM
debug1: Host '192.168.0.37' is known and matches the ED25519 host key.
debug1: Found key in /home/chris/.ssh/known_hosts:54
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/chris/.ssh/id_rsa RSA SHA256:jZ4wVcWhhtqNdX/SwnrbG7TRfTE9cmm9Ar1PLyCJwuc
debug1: Will attempt key: /home/chris/.ssh/id_dsa
debug1: Will attempt key: /home/chris/.ssh/id_ecdsa
debug1: Will attempt key: /home/chris/.ssh/id_ed25519
debug1: Will attempt key: /home/chris/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/chris/.ssh/id_rsa RSA SHA256:jZ4wVcWhhtqNdX/SwnrbG7TRfTE9cmm9Ar1PLyCJwuc
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/chris/.ssh/id_dsa
debug1: Trying private key: /home/chris/.ssh/id_ecdsa
debug1: Trying private key: /home/chris/.ssh/id_ed25519
debug1: Trying private key: /home/chris/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.0.37 ([192.168.0.37]:22).
debug1: setting up multiplex master socket
debug1: channel 0: new [/home/chris/.ssh/sockets/[email protected]]
debug1: control_persist_detach: backgrounding master process
debug1: forking to background
debug1: Entering interactive session.
debug1: pledge: id
debug1: multiplexing control connection
debug1: channel 1: new [mux-control]
debug1: channel 2: new [client-session]
debug1: client_input_global_request: rtype [email protected] want_reply 0
This problem appears to have occurred here as well, but no concrete solution is mentioned:
https://forum.manjaro.org/t/ssh-connection-hangs-after-logging-in/4847/28
https://stackoverflow.com/questions/53410559/ssh-stuck-to-client-input-global-request-rtype-hostkeys-00openssh-com-want-rep
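Oddly, this seems to be a network problem. But everything else works fine... it seems strange.
Whenever the SSH shell/connection hangs, I can see TCP Retransmission in the network log.
Here is the tshark output from the other machine that I am using to connect to the problem machine: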
sudo tshark -f "tcp port 22" -i any
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
...94ln7cy52ca-wireshark-cli-2.6.6/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'any'
1 0.000000000 192.168.0.6 → 192.168.0.37 SSH 128 Client: Encrypted packet (len=60)
2 4.393384377 192.168.0.6 → 192.168.0.37 TCP 76 33764 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=4094028584 TSecr=0 WS=128
3 4.451072834 192.168.0.37 → 192.168.0.6 TCP 76 22 → 33764 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=2514759161 TSecr=4094028584 WS=128
4 4.451117228 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=4094028641 TSecr=2514759161
5 4.451358744 192.168.0.6 → 192.168.0.37 SSH 89 Client: Protocol (SSH-2.0-OpenSSH_7.9)
6 4.459998058 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=1 Ack=22 Win=65152 Len=0 TSval=2514759170 TSecr=4094028641
7 4.475179826 192.168.0.37 → 192.168.0.6 SSHv2 89 Server: Protocol (SSH-2.0-OpenSSH_7.9)
8 4.475220883 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=22 Ack=22 Win=64256 Len=0 TSval=4094028665 TSecr=2514759186
9 4.475398990 192.168.0.6 → 192.168.0.37 SSHv2 1468 Client: Key Exchange Init
10 4.486180419 192.168.0.37 → 192.168.0.6 SSHv2 780 Server: Key Exchange Init
11 4.486193334 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=1422 Ack=734 Win=64128 Len=0 TSval=4094028676 TSecr=2514759194
12 4.488140621 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=734 Ack=1422 Win=64128 Len=0 TSval=2514759196 TSecr=4094028666
13 4.488149618 192.168.0.6 → 192.168.0.37 SSHv2 116 Client: Elliptic Curve Diffie-Hellman Key Exchange Init
14 4.495305110 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=734 Ack=1470 Win=64128 Len=0 TSval=2514759206 TSecr=4094028678
15 4.591438906 192.168.0.37 → 192.168.0.6 SSHv2 448 Server: Elliptic Curve Diffie-Hellman Key Exchange Reply, New Keys, Encrypted packet (len=172)
16 4.591486757 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=1470 Ack=1114 Win=64128 Len=0 TSval=4094028782 TSecr=2514759301
17 4.598789938 192.168.0.6 → 192.168.0.37 SSHv2 84 Client: New Keys
18 4.605412113 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=1114 Ack=1486 Win=64128 Len=0 TSval=2514759316 TSecr=4094028789
19 4.605456186 192.168.0.6 → 192.168.0.37 SSHv2 112 Client: Encrypted packet (len=44)
20 4.611308177 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=1114 Ack=1530 Win=64128 Len=0 TSval=2514759322 TSecr=4094028796
21 4.611946582 192.168.0.37 → 192.168.0.6 SSHv2 112 Server: Encrypted packet (len=44)
22 4.611986097 192.168.0.6 → 192.168.0.37 SSHv2 136 Client: Encrypted packet (len=68)
23 4.617575973 192.168.0.37 → 192.168.0.6 TCP 68 22 → 33764 [ACK] Seq=1158 Ack=1598 Win=64128 Len=0 TSval=2514759328 TSecr=4094028802
24 4.625638737 192.168.0.37 → 192.168.0.6 SSHv2 144 Server: Encrypted packet (len=76)
25 4.625769093 192.168.0.6 → 192.168.0.37 SSHv2 696 Client: Encrypted packet (len=628)
26 4.646837769 192.168.0.37 → 192.168.0.6 SSHv2 144 Server: Encrypted packet (len=76)
27 4.646955832 192.168.0.6 → 192.168.0.37 SSHv2 160 Client: Encrypted packet (len=92)
28 4.663613579 192.168.0.37 → 192.168.0.6 SSHv2 128 Server: Encrypted packet (len=60)
29 4.704685867 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=2318 Ack=1370 Win=64128 Len=0 TSval=4094028895 TSecr=2514759374
30 6.314404352 192.168.0.6 → 192.168.0.37 SSHv2 152 Client: Encrypted packet (len=84)
31 6.408675360 192.168.0.37 → 192.168.0.6 SSHv2 112 Server: Encrypted packet (len=44)
32 6.408721657 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=2402 Ack=1414 Win=64128 Len=0 TSval=4094030599 TSecr=2514761119
33 6.408792972 192.168.0.6 → 192.168.0.37 SSHv2 152 Client: Encrypted packet (len=84)
34 6.417718667 192.168.0.37 → 192.168.0.6 SSHv2 96 Server: Encrypted packet (len=28)
35 6.417766608 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=2486 Ack=1442 Win=64128 Len=0 TSval=4094030608 TSecr=2514761128
36 6.417913946 192.168.0.6 → 192.168.0.37 SSHv2 180 Client: Encrypted packet (len=112)
37 6.433295532 192.168.0.37 → 192.168.0.6 SSHv2 720 Server: Encrypted packet (len=652)
38 6.433347530 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=2598 Ack=2094 Win=64128 Len=0 TSval=4094030624 TSecr=2514761143
39 6.440019259 192.168.0.37 → 192.168.0.6 SSHv2 112 Server: Encrypted packet (len=44)
40 6.440039427 192.168.0.6 → 192.168.0.37 TCP 68 33764 → 22 [ACK] Seq=2598 Ack=2138 Win=64128 Len=0 TSval=4094030630 TSecr=2514761150
41 6.440138534 192.168.0.6 → 192.168.0.37 SSHv2 460 Client: Encrypted packet (len=392)
42 6.674368565 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094030865 TSecr=2514761150
43 6.907359347 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094031098 TSecr=2514761150
44 7.370357846 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094031561 TSecr=2514761150
45 8.330683518 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094032521 TSecr=2514761150
46 10.186372155 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094034377 TSecr=2514761150
47 13.898356243 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094038089 TSecr=2514761150
48 19.274398519 192.168.0.6 → 192.168.0.37 TCP 520 [TCP Retransmission] 33742 → 22 [FIN, PSH, ACK] Seq=4294966905 Ack=1 Win=501 Len=452 TSval=4094043465 TSecr=2514723303
49 21.322527112 192.168.0.6 → 192.168.0.37 TCP 460 [TCP Retransmission] 33764 → 22 [PSH, ACK] Seq=2598 Ack=2138 Win=64128 Len=392 TSval=4094045513 TSecr=2514761150
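Answer 1
I had the same problem after modifying some network configuration on the SSH server. In my case, the TCP retransmissions indicated that the client was not receiving any response from the server and was trying to retransmit the same packet. At the same time, the server was receiving the packets, and a network trace on the server seemed to indicate that responses were being sent.
In my case the underlying problem was that the server's network interface had the wrong CIDR prefix (a /32 instead of a /24). In that case, packets from the server cannot be routed back to the client.
The problem can be reproduced with netcat. On the server, stop the usual sshd daemon, then run: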
nc -l 22
On the client side:
nc sshserver 22
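Then, after typing a few lines of text into the client netcat, I saw that the first line sent from the client to the server "succeeded" but the subsequent lines did not. The network trace shows exactly the same behaviour: the client keeps showing "TCP Retransmission" of the first packet containing the first line of data, while the subsequent data is "stuck".
Fixing the network configuration also fixed SSH.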
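The return-path failure this answer describes can be checked offline from the server's address list. The following is an added example, not code from the answer: it models which network a reply to the client would leave through, for a /32 and a /24 prefix. The interface name eth0, the gateway 192.168.0.1 and the sample `ip -o -4 addr show` lines are constructed assumptions, and the routing model is simplified to connected networks plus one gateway.

```python
import ipaddress

# Constructed samples in the style of `ip -o -4 addr show` (trimmed).
# Addresses follow the trace in the question; "eth0" is an assumption.
BROKEN = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.37/32 scope global eth0
"""
FIXED = BROKEN.replace("192.168.0.37/32", "192.168.0.37/24")


def parse_addrs(addr_output):
    """Return [(ifname, IPv4Interface)] for every non-loopback inet line."""
    found = []
    for line in addr_output.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        iface = ipaddress.ip_interface(fields[fields.index("inet") + 1])
        if not iface.ip.is_loopback:
            found.append((fields[1], iface))
    return found


def reply_route(addr_output, peer, gateway=None):
    """Simplified model of the return path: a reply can leave only through a
    connected network (derived from address/prefix) or through a gateway
    that is itself inside a connected network."""
    peer = ipaddress.ip_address(peer)
    addrs = parse_addrs(addr_output)
    for name, iface in addrs:
        if peer in iface.network:
            return ("on-link", name)
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        for name, iface in addrs:
            if gw in iface.network and gw != iface.ip:
                return ("via-gateway", name)
    return ("unroutable", None)


def host_only_prefixes(addr_output):
    """Interfaces whose prefix covers only the host's own address."""
    return [name for name, iface in parse_addrs(addr_output)
            if iface.network.prefixlen == iface.ip.max_prefixlen]


if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, reply_route(sample, "192.168.0.6", gateway="192.168.0.1"),
              host_only_prefixes(sample))
```

A /32 is legitimate on some point-to-point setups, so treat a hit from host_only_prefixes as a prompt to inspect the route table rather than as proof of a fault.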
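Answer 2
I had a similar error with ssh on a particular system a few years ago, so I think it is worth mentioning this situation here. It can also be caused by a problem in the user session login scripts on the host server that output some content (echo commands, etc.). Or .bashrc may call a program that writes to stderr.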