当通过sshlogin到我的服务器之一,它只是authentication后挂起。 这是-v的客户端输出。
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to host1 [10.6.27.64] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/identity type -1 debug1: identity file /home/user/.ssh/id_rsa type 1 debug1: identity file /home/user/.ssh/id_dsa type -1 debug1: loaded 3 keys debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'host1' is known and matches the RSA host key. debug1: Found key in /home/user/.ssh/known_hosts:172 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Next authentication method: publickey debug1: Trying private key: /home/user/.ssh/identity debug1: Offering public key: /home/user/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = C debug1: Sending env LC_ALL = C Last login: Wed May 21 10:24:14 2014 from host2 This machine has been configured with kickstart host1 in bcinf17 in bay 3 in rack D10-Mid
并在服务器上的/var/log/secure我看到这个(幸运我还有一个会议打开):
May 21 10:27:31 host1 sshd[12387]: Accepted publickey for user from 1.1.11.239 port 34135 ssh2 May 21 10:27:31 host1 sshd[12387]: pam_unix(sshd:session): session opened for user user by (uid=0)
所以没有什么明显的错误。 客户端和服务器似乎能够沟通。 /var/log/messages没有任何内容。
大量的磁盘空间。 一些path被挂载(包括家乡地区),但我仍然活动的shell可以访问它们。
我可以连接到其他服务器; 只有这一个有问题。 我已经尝试重新启动sshd 。 sshd的configuration文件看起来像默认,所以没有在那里。 据我所知,最近没有什么变化。
试图运行一个命令( ssh host1 -t bash或-t vi )也似乎挂起,所以不要认为这与我的login脚本有任何关系。
也尝试从同一位置和其他位置的其他主机login,或通过Putty从Windowslogin,并使用密码而不是密钥login。
不知道还有什么地方看,还有什么可以尝试。
这是一个64位的RHEL 6.4服务器。
有几件事情会在SSHvalidation后导致挂起。
但是其中大部分还会带来其他症状(SSH-auth之后的挂起权限只是最明显的症状)
~/.bashrc , ~/.bash_profile , ~/.profile , ~/.kshrc等等 fork()太多subprocess和负载( 1/5/15分 )太高。 如果使用ssh -o GSSAPIAuthentication=no user@host它会直接连接吗?
如果是这样的话,那么系统可能在某个时候决定使用GSSAPI方法。 对我来说,只有一个主机这样做,所以我只是禁用该主机的~/.ssh/config GSSAPI:
Host badHostName GSSAPIAuthentication no