摘要:
在Docker中运行ssh时会出现问题。该问题的初始特征是1bash-4.1#sshlocalhost2连接到本地主机closedbyremotehost。在问题解决过程中,我们首先检查了sshd的启动。似乎已经启动了1bash-4.1#psax|grepsshd233?Ss0:00/usr/sbin/sshd3870?S+0:00grepsshd搜索了
问题出现
这是在Docker中运行ssh中出现的问题,问题初始特征表现为
1 bash-4.1# ssh localhost 2 Connection to localhost closed by remote host.
问题解决过程
首先查看了sshd的启动情况,看似已经启动了
1 bash-4.1# ps ax | grep sshd 2 33 ? Ss 0:00 /usr/sbin/sshd 3 870 ? S+ 0:00 grep sshd
在搜索了网上的一些资料后,怀疑是因为SELINUX的原因引起的,因此运行了getenforce
1 bash-4.1# getenforce 2 getenforce: getenforce() failed
发现不能使用getenforce命令获得SELINUX的状态,我也运行了ssh -v localhost查看详细原因
1 bash-4.1# ssh localhost -v 2 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 3 debug1: Reading configuration data /root/.ssh/config 4 debug1: Applying options for * 5 debug1: Reading configuration data /etc/ssh/ssh_config 6 debug1: Applying options for * 7 debug1: Connecting to localhost [::1] port 2122. 8 debug1: Connection established. 9 debug1: permanently_set_uid: 0/0 10 debug1: identity file /root/.ssh/identity type -1 11 debug1: identity file /root/.ssh/identity-cert type -1 12 debug1: identity file /root/.ssh/id_rsa type 1 13 debug1: identity file /root/.ssh/id_rsa-cert type -1 14 debug1: identity file /root/.ssh/id_dsa type -1 15 debug1: identity file /root/.ssh/id_dsa-cert type -1 16 debug1: identity file /root/.ssh/id_ecdsa type -1 17 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 18 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 19 debug1: match: OpenSSH_5.3 pat OpenSSH* 20 debug1: Enabling compatibility mode for protocol 2.0 21 debug1: Local version string SSH-2.0-OpenSSH_5.3 22 debug1: SSH2_MSG_KEXINIT sent 23 debug1: SSH2_MSG_KEXINIT received 24 debug1: kex: server->client aes128-ctr hmac-md5 none 25 debug1: kex: client->server aes128-ctr hmac-md5 none 26 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent 27 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 28 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 29 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 30 debug1: checking without port identifier 31 Warning: Permanently added '[localhost]:2122' (RSA) to the list of known hosts. 32 debug1: ssh_rsa_verify: signature correct 33 debug1: SSH2_MSG_NEWKEYS sent 34 debug1: expecting SSH2_MSG_NEWKEYS 35 debug1: SSH2_MSG_NEWKEYS received 36 debug1: SSH2_MSG_SERVICE_REQUEST sent 37 debug1: SSH2_MSG_SERVICE_ACCEPT received 38 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password 39 debug1: Next authentication method: gssapi-keyex 40 debug1: No valid Key exchange context 41 debug1: Next authentication method: gssapi-with-mic 42 debug1: Unspecified GSS failure. Minor code may provide more information 43 Credentials cache file '/tmp/krb5cc_0' not found 44 45 debug1: Unspecified GSS failure. Minor code may provide more information 46 Credentials cache file '/tmp/krb5cc_0' not found 47 48 debug1: Unspecified GSS failure. Minor code may provide more information 49 50 51 debug1: Unspecified GSS failure. Minor code may provide more information 52 Credentials cache file '/tmp/krb5cc_0' not found 53 54 debug1: Next authentication method: publickey 55 debug1: Trying private key: /root/.ssh/identity 56 debug1: Offering public key: /root/.ssh/id_rsa 57 debug1: Server accepts key: pkalg ssh-rsa blen 277 58 debug1: read PEM private key done: type RSA 59 debug1: Authentication succeeded (publickey). 60 debug1: channel 0: new [client-session] 61 debug1: Requesting no-more-sessions@openssh.com 62 debug1: Entering interactive session. 63 debug1: channel 0: free: client-session, nchannels 1 64 Connection to localhost closed by remote host. 65 Connection to localhost closed. 66 Transferred: sent 2344, received 2128 bytes, in 0.0 seconds 67 Bytes per second: sent 23187378.7, received 21050657.8 68 debug1: Exit status -1
按照debug的出错信息,我又继续搜索,在这里发现了出现同样问题的帖子,帖子的最后说在更新了yum后问题消失了,我也试了试
1 bash-4.1# yum update
然后再运行ssh localhost
1 bash-4.1# ssh localhost 2 Last login: Fri Dec 5 01:15:04 2014 from localhost 3 -bash-4.1#
一切正常了,问题成功解决。特此记录下排查过程。