Certain commands hang when accessing a server over SSH from a bridge-mode container

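I can access a server over SSH from a Docker container, but certain commands (for example ps aux, cat, etc.) cause the session to hang. I have to close the session with Ctrl-c. If I retry in the same container, it works fine.

Here is an example: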

$ docker run --rm -it debian:buster bash
$ apt update && apt install -y openssh-client # Install ssh
$ ssh [email protected] -o LogLevel=Debug ps aux 
# The session is stuck. I have to Ctrl-c
$ ssh [email protected] -o LogLevel=Debug ps aux
# This time it works.

Using the "host" network (docker run --rm -it --network=host debian:buster bash) works fine.

Below is the debug trace (anonymized).

root@9995e92fead2:/# ssh [email protected] -o LogLevel=Debug ps aux
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to staging.website.net [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1
debug1: match: OpenSSH_7.4p1 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to staging.website.net:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU
The authenticity of host 'staging.website.net (1.1.1.1)' can't be established.
ECDSA key fingerprint is SHA256:fmERO2EkCT5DDL/dFFbQayx9RmQLgEGrTvC3Z2sOIpU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'staging.website.net,1.1.1.1' (ECDSA) to the list of known hosts.
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Will attempt key: /root/.ssh/id_dsa 
debug1: Will attempt key: /root/.ssh/id_ecdsa 
debug1: Will attempt key: /root/.ssh/id_ed25519 
debug1: Will attempt key: /root/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
debug1: Authentication succeeded (publickey).
Authenticated to staging.website.net ([1.1.1.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending command: ps aux

Below is the server-side log.

sshd[34224]: rexec line 14: Deprecated option KeyRegenerationInterval
sshd[34224]: rexec line 23: Deprecated option RSAAuthentication
sshd[34224]: rexec line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: rexec line 25: Deprecated option ServerKeyBits
sshd[34224]: Connection from 1.1.1.1 port 37812 on 1.1.1.1 port 22
sshd[34224]: reprocess config line 23: Deprecated option RSAAuthentication
sshd[34224]: reprocess config line 24: Deprecated option RhostsRSAAuthentication
sshd[34224]: Postponed publickey for user from 1.1.1.1 port 37812 ssh2 [preauth]
audit[34224]: USER_ACCT pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: Accepted publickey for user from 1.1.1.1 port 37812 ssh2: RSA SHA256:NCS0LKTNdJHrVVdbIOnfTDGxgxsLAx4Uqz1xBCJ3wGg
audit[34224]: CRED_ACQ pid=34224 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: pam_unix(sshd:session): session opened for user user by (uid=0)
audit[34224]: USER_START pid=34224 uid=0 auid=2000 ses=34235 msg='op=PAM:session_open acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34224]: User child is on pid 34285
audit[34285]: CRED_ACQ pid=34285 uid=0 auid=2000 ses=34235 msg='op=PAM:setcred acct="user" exe="/usr/sbin/sshd" hostname=1.1.1.1 addr=1.1.1.1 terminal=ssh res=success'
sshd[34285]: Starting session: command for user from 1.1.1.1 port 37812 id 0

I don't see anything special in it.

It works with some servers, so it seems to be something in the server-side configuration.

How can I solve this?

Edit

I changed the values of ServerAliveInterval and ServerAliveCountMax and got the following result:

Timeout, server website not responding.

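Best answer 1

I have the same problem. SSH connections from my Docker containers suddenly stopped working. However, it works if I create the container with the "host" network. I tried with Ubuntu and CentOS images.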
