브리지 모드의 컨테이너에서 SSH를 통해 서버에 액세스할 때 특정 명령이 중단됩니다.

SSH를 사용하여 Docker 컨테이너에서 서버에 액세스할 수 있지만 특정 명령(예 ps aux: cat등)으로 인해 세션이 정지됩니다. Ctrl-c를 사용하여 세션을 닫아야 합니다. 동일한 컨테이너에서 다시 시도하면 정상적으로 작동합니다.

예는 다음과 같습니다.

$ docker run --rm -it debian:buster bash
$ apt update && apt install -y openssh-client # Install ssh
$ ssh [email protected] -o LogLevel=Debug ps aux 
# The session is stuck. I have to Ctrl-c
$ ssh [email protected] -o LogLevel=Debug ps aux
# This time it works.

네트워크 "호스트"를 사용하면 docker run --rm -it --network=host debian:buster bash정상적으로 작동합니다.

다음은 디버그 추적입니다(익명).

root@9995e92fead2:/# ssh [email protected] -o LogLevel=Debug ps aux
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to staging.website.net [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1
debug1: match: OpenSSH_7.4p1 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to staging.website.net:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU
The authenticity of host 'staging.website.net (1.1.1.1)' can't be established.
ECDSA key fingerprint is SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'staging.website.net,1.1.1.1' (ECDSA) to the list of known hosts.
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ed25519 
debug1: Will attempt key: /root/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Authentication succeeded (publickey).
Authenticated to staging.website.net ([1.1.1.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending command: ps aux

다음은 서버 측 로그입니다.

sshd[34224]: rexec line 14: Deprecated option KeyRegenerationInterval
sshd[34224]: rexec line 23: Deprecated option RSAAuthentication
sshd[34224]: rexec line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: rexec line 25: Deprecated option ServerKeyBits
sshd[34224]: Connection from 1.1.1.1 port 37812 on 1.1.1.1 port 22
sshd[34224]: reprocess config line 23: Deprecated option RSAAuthentication
sshd[34224]: reprocess config line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: Postponed publickey for user from 1.1.1.1 port 37812 ssh2 [preauth]
audit[34224]: USER_ACCT pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: Accepted publickey for user from 1.1.1.1 port 37812 ssh2: RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
audit[34224]: CRED_ACQ pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: pam_unix(sshd:session): session opened for user user by (uid=0)
audit[34224]: USER_START pid=34224 uid=0 auid=2000 ses=34235 msg='op=PAM:session_open acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: User child is on pid 34285
audit[34285]: CRED_ACQ pid=34285 uid=0 auid=2000 ses=34235 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34285]: Starting session: command for user from 1.1.1.1 port 37812 id 0

나는 그것에 대해 특별한 것을 보지 못합니다.

일부 서버에서는 작동하므로 서버 측에 구성이 있는 것 같습니다.

어떻게 해결할 수 있나요?

편집하다

ServerAliveInterval나는 sum의 값을 변경했으며 ServerAliveCountMax다음과 같은 결과를 얻었습니다.

Timeout, server website not responding.