我试图从docker容器ssh到internet, 它只是卡住没有退出和错误。 所以,我在ssh服务器上使用“/ usr / sbin / sshd -d -D -p 222”运行调试会话 这是来自ssh服务器的日志
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3 Connection from 103.17.54.193 port 45677 on 128.199.127.170 port 222
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: permanently_set_uid: 104/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
而且,我从docker容器运行ssh客户端“ssh -v -C -A -X -p 222 root @ server_host”。 这是来自ssh客户端的日志
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 5: Applying options for *
debug1: /root/.ssh/config line 8: Applying options for *
debug1: /root/.ssh/config line 11: Applying options for *
debug1: /root/.ssh/config line 14: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 128.199.127.170 [128.199.127.170] port 222.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
从ssh服务器的日志中我们可以看到ssh服务器正在寻找SSH2_MSG_KEX_ECDH_INIT但是ssh客户端没有发送任何内容。 但是当我试图在另一台主机上运行相同的docker镜像时,每一件事都能完美地工作,我可以从docker容器ssh到同一个ssh服务器。所以,我想这与这个主机中的这个特殊的docker服务有关。
的码头检查有人可以告诉我发生了什么事吗?以及如何解决它(如果可行)?
答案 0 :(得分:0)
从检查中,您似乎没有适合此主机的桥接网络(默认泊坞网络)。您的Gateway
和IPAddress
似乎是空的。
您应该确保以下内容:
[anovil@ubuntu-anovil ~]$ ip addr |grep docker
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
inet 172.17.0.1/16 scope global docker0
27: veth6c3addd@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
[anovil@ubuntu-anovil ~]$
ifconfig
。或者,您也可以使用docker run --net host ......
选项启动容器,以使主机的所有接口都可用于容器。这仅用于测试,不建议用于实际使用。 您可以列出docker network ls
的可用网络,并尝试使用列表中的其他网络(名称)。
希望这会有所帮助,让我们知道它是怎么回事:)
谢谢, - Anoop