docker ssh

by · 2019年01月22日 · 460 Words · ~1min reading time | Improve on


原文链接: docker ssh

结论: iptables 规则出了问题. 修改iptables规则即可

求教个阿里云专有网络 ssh -v 无法连接的问题:

实验环境:用的是阿里云的主机 ,网络为专有网络
问题描述: 在阿里云专有网络中通过 docker container 执行 ssh -v 连接失败
实验步骤:

  1. 阿里云专有网络的主机直接ssh连接正常ok:
    Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4

  2. 在阿里云的主机启动容器进行ssh连接报错信息Error:
    Local version string SSH-2.0-OpenSSH_7.7
    debug1: ssh_exchange_identification: n
    ssh_exchange_identification: Connection closed by remote host

  3. 在本地启动容器进行ssh连接 OK
    Local version string SSH-2.0-OpenSSH_7.7
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000

  4. 在阿里云经典网络中启动容器测试OK

  5. 重复第二步,但是换个ip 依然正常OK

抓包

出口抓包:

14:14:03.126035 IP 172.17.0.12.33974 > 111.235.181.129.443: Flags [S], seq 2486092374, win 29200, options [mss 1460,sackOK,TS val 3808120243 ecr 0,nop,wscale 7], length 0
14:14:03.126077 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [S.], seq 1304780840, ack 2486092375, win 28960, options [mss 1460,sackOK,TS val 2604513236 ecr 3808120243,nop,wscale 7], length 0
14:14:03.126080 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [S.], seq 1304780840, ack 2486092375, win 28960, options [mss 1460,sackOK,TS val 2604513236 ecr 3808120243,nop,wscale 7], length 0
14:14:03.126094 IP 172.17.0.12.33974 > 111.235.181.129.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 3808120243 ecr 2604513236], length 0
14:14:03.126429 IP 172.17.0.12.33974 > 111.235.181.129.443: Flags [P.], seq 1:22, ack 1, win 229, options [nop,nop,TS val 3808120243 ecr 2604513236], length 21
14:14:03.126442 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [.], ack 22, win 227, options [nop,nop,TS val 2604513236 ecr 3808120243], length 0
14:14:03.126444 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [.], ack 22, win 227, options [nop,nop,TS val 2604513236 ecr 3808120243], length 0
14:14:03.126653 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [P.], seq 1:115, ack 22, win 227, options [nop,nop,TS val 2604513236 ecr 3808120243], length 114
14:14:03.126849 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [P.], seq 115:152, ack 22, win 227, options [nop,nop,TS val 2604513236 ecr 3808120243], length 37
14:14:03.126851 IP 111.235.181.129.443 > 172.17.0.12.33974: Flags [P.], seq 115:152, ack 22, win 227, options [nop,nop,TS val 2604513236 ecr 3808120243], length 37

Tags:

`