ssh from docker container to internet, got stuck and no errors produced

人盡茶涼 submitted on 2019-12-23 04:40:11

Question


I tried to ssh from a docker container to the internet; it just got stuck without exiting and without an error. So I ran a debug session on the ssh server with "/usr/sbin/sshd -d -D -p 222". This is the log from the ssh server:

debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 103.17.54.193 port 45677 on 128.199.127.170 port 222
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: permanently_set_uid: 104/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]

And then I ran the ssh client "ssh -v -C -A -X -p 222 root@server_host" from the docker container. This is the log from the ssh client:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 5: Applying options for *
debug1: /root/.ssh/config line 8: Applying options for *
debug1: /root/.ssh/config line 11: Applying options for *
debug1: /root/.ssh/config line 14: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 128.199.127.170 [128.199.127.170] port 222.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent

From the ssh server's log we can see that the ssh server is looking for SSH2_MSG_KEX_ECDH_INIT but the ssh client didn't send any. But when I tried to run the same docker image on another host, everything works flawlessly; I can ssh from the docker container to the same ssh server. So I guess this has something to do with this particular docker service on this host.

This is docker inspect of the docker container

Can somebody tell me what's going on? And how to solve it (if possible)?


Answer 1:


From the inspect, you do not seem to have a proper bridge network (default docker network) in place for this host. Your Gateway and IPAddress seem to be empty.

You should ensure the following:

  • You have a working default docker interface on your host and it has got an IP assigned to it.

    [anovil@ubuntu-anovil ~]$ ip addr |grep docker
    4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        inet 172.17.0.1/16 scope global docker0
    27: veth6c3addd@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    [anovil@ubuntu-anovil ~]$

  • You could verify if your container has the right interfaces. With ifconfig, check if you get an IP for your container inside your container. Alternatively you could also start your container with the docker run --net host ...... option to get all the interfaces of your host available to the container. This is just for testing, not recommended for actual use.

You can list the available networks with docker network ls and try with other networks (name) from the list.

Hope this helps and let us know how it goes :)

Thanks, - Anoop
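
The condition the answer reads off the inspect output (empty Gateway and IPAddress), as an added example that is not part of the original answer: a Python script that parses `docker inspect` JSON and reports every attached network with missing addressing. The container name and the sample JSON are constructed; containers that are stopped or use host, none or container: network modes are skipped, because empty values are expected there.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for a running
# container on the default bridge whose addressing was never populated.
SAMPLE_INSPECT = """
[{
  "Name": "/sshclient",
  "State": {"Running": true},
  "HostConfig": {"NetworkMode": "default"},
  "NetworkSettings": {
    "Gateway": "", "IPAddress": "",
    "Networks": {"bridge": {"Gateway": "", "IPAddress": ""}}
  }
}]
"""

def network_findings(inspect_json):
    """Return one message per network that lacks an IPAddress or Gateway."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "<unnamed>")
        mode = c.get("HostConfig", {}).get("NetworkMode", "default")
        # Addresses are only assigned while the container runs, and the
        # host/none/container: modes never get their own bridge address.
        if c.get("State", {}).get("Running") is False:
            continue
        if mode in ("host", "none") or mode.startswith("container:"):
            continue
        ns = c.get("NetworkSettings", {})
        networks = ns.get("Networks") or {}
        if not networks:
            # Fall back to the top-level fields when no per-network map exists.
            networks = {"bridge": {"IPAddress": ns.get("IPAddress", ""),
                                   "Gateway": ns.get("Gateway", "")}}
        for net, cfg in networks.items():
            missing = [k for k in ("IPAddress", "Gateway") if not (cfg or {}).get(k)]
            if missing:
                findings.append(f"{name}: network '{net}' has empty {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for line in network_findings(SAMPLE_INSPECT):
        print(line)
```

To check a real container, pass the output of `docker inspect <container>` to `network_findings` instead of the sample.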



Source: https://stackoverflow.com/questions/36278341/ssh-from-docker-container-to-internet-got-stuck-and-no-errors-produced
