paramiko连接时出现Error reading SSH protocol banner

dalin

新接手了一批服务器，用了不同的账号和密码，都不知道哪个机器用了哪个账号和密码，于是用Paramiko遍历了一下各种账号密码组合。绝大部分都是OK的，但是我发现我部分机器用paramiko连接的时候会报Error reading SSH protocol banner异常。于是我手工用ssh连接测试，发现却是OK的，加了-vvv参数看看，发现跟那些可以用paramiko连接的机器没什么区别，网上也没找到相关的信息，不知道为什么。报这个异常的机器IP跟正常的机器IP是同一个C段，操作系统版本也一样(centos 6)。最奇怪的是，虽然绝大部分时候是会报这个异常，但偶尔也会成功。测试的代码如下（用了threading多线程调用这个函数）：

1. def test_ssh(host, user, password):
   
2.     ssh = paramiko.SSHClient()
   
3.     ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
   
4.     try:
   
5.         ssh.connect(host, 22, user, password, timeout=20)
   
6.         print "%s\t%s\t%s\n" % (host, user, password)
   
7.     except Exception,e:
   
8.         print "%s:%s@%s--%s:%s" % (user,password,host,e.__class__, e)
   
9.     finally:
   
10.         ssh.close()

复制代码

ssh -vvv的结果前几行如下：

1. [root@Admin dalin]# ssh -vvv test@192.168.xx.xx
   
2. OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
   
3. debug1: Reading configuration data /etc/ssh/ssh_config
   
4. debug1: Applying options for *
   
5. debug2: ssh_connect: needpriv 0
   
6. debug1: Connecting to 192.168.xx.xx [192.168.xx.xx] port 22.
   
7. debug1: Connection established.
   
8. debug1: permanently_set_uid: 0/0
   
9. debug1: identity file /root/.ssh/identity type -1
   
10. debug1: identity file /root/.ssh/identity-cert type -1
    
11. debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    
12. debug2: key_type_from_name: unknown key type '-----BEGIN'

复制代码

wenhq

ssh -vvv 日志多贴下

dalin

1. [yzj@Admin ~]$ ssh -vvv test@192.168.1.123
   
2. OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
   
3. debug1: Reading configuration data /etc/ssh/ssh_config
   
4. debug1: Applying options for *
   
5. debug2: ssh_connect: needpriv 0
   
6. debug1: Connecting to 192.168.1.123 [192.168.1.123] port 22.
   
7. debug1: Connection established.
   
8. debug1: identity file /home/yzj/.ssh/identity type -1
   
9. debug1: identity file /home/yzj/.ssh/identity-cert type -1
   
10. debug1: identity file /home/yzj/.ssh/id_rsa type -1
    
11. debug1: identity file /home/yzj/.ssh/id_rsa-cert type -1
    
12. debug1: identity file /home/yzj/.ssh/id_dsa type -1
    
13. debug1: identity file /home/yzj/.ssh/id_dsa-cert type -1
    
14. debug1: identity file /home/yzj/.ssh/id_ecdsa type -1
    
15. debug1: identity file /home/yzj/.ssh/id_ecdsa-cert type -1
    
16. debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    
17. debug1: match: OpenSSH_4.3 pat OpenSSH_4*
    
18. debug1: Enabling compatibility mode for protocol 2.0
    
19. debug1: Local version string SSH-2.0-OpenSSH_5.3
    
20. debug2: fd 3 setting O_NONBLOCK
    
21. debug1: SSH2_MSG_KEXINIT sent
    
22. debug3: Wrote 960 bytes for a total of 981
    
23. debug1: SSH2_MSG_KEXINIT received
    
24. debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    
25. debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    
26. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
27. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
28. debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
29. debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
30. debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    
31. debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    
32. debug2: kex_parse_kexinit:
    
33. debug2: kex_parse_kexinit:
    
34. debug2: kex_parse_kexinit: first_kex_follows 0
    
35. debug2: kex_parse_kexinit: reserved 0
    
36. debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    
37. debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    
38. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
39. debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    
40. debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
41. debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    
42. debug2: kex_parse_kexinit: none,zlib@openssh.com
    
43. debug2: kex_parse_kexinit: none,zlib@openssh.com
    
44. debug2: kex_parse_kexinit:
    
45. debug2: kex_parse_kexinit:
    
46. debug2: kex_parse_kexinit: first_kex_follows 0
    
47. debug2: kex_parse_kexinit: reserved 0
    
48. debug2: mac_setup: found hmac-md5
    
49. debug1: kex: server->client aes128-ctr hmac-md5 none
    
50. debug2: mac_setup: found hmac-md5
    
51. debug1: kex: client->server aes128-ctr hmac-md5 none
    
52. debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    
53. debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    
54. debug3: Wrote 24 bytes for a total of 1005
    
55. debug2: dh_gen_key: priv key bits set: 130/256
    
56. debug2: bits set: 518/1024
    
57. debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    
58. debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    
59. debug3: Wrote 144 bytes for a total of 1149
    
60. debug3: check_host_in_hostfile: host 192.168.1.123 filename /home/yzj/.ssh/known_hosts
    
61. debug3: check_host_in_hostfile: host 192.168.1.123 filename /home/yzj/.ssh/known_hosts
    
62. debug3: check_host_in_hostfile: match line 1
    
63. debug1: Host '192.168.1.123' is known and matches the RSA host key.
    
64. debug1: Found key in /home/yzj/.ssh/known_hosts:1
    
65. debug2: bits set: 508/1024
    
66. debug1: ssh_rsa_verify: signature correct
    
67. debug2: kex_derive_keys
    
68. debug2: set_newkeys: mode 1
    
69. debug1: SSH2_MSG_NEWKEYS sent
    
70. debug1: expecting SSH2_MSG_NEWKEYS
    
71. debug3: Wrote 16 bytes for a total of 1165
    
72. debug2: set_newkeys: mode 0
    
73. debug1: SSH2_MSG_NEWKEYS received
    
74. debug1: SSH2_MSG_SERVICE_REQUEST sent
    
75. debug3: Wrote 48 bytes for a total of 1213
    
76. debug2: service_accept: ssh-userauth
    
77. debug1: SSH2_MSG_SERVICE_ACCEPT received
    
78. debug2: key: /home/yzj/.ssh/identity ((nil))
    
79. debug2: key: /home/yzj/.ssh/id_rsa ((nil))
    
80. debug2: key: /home/yzj/.ssh/id_dsa ((nil))
    
81. debug2: key: /home/yzj/.ssh/id_ecdsa ((nil))
    
82. debug3: Wrote 64 bytes for a total of 1277
    
83. debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    
84. debug3: start over, passed a different list publickey,gssapi-with-mic,password
    
85. debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    
86. debug3: authmethod_lookup gssapi-with-mic
    
87. debug3: remaining preferred: publickey,keyboard-interactive,password
    
88. debug3: authmethod_is_enabled gssapi-with-mic
    
89. debug1: Next authentication method: gssapi-with-mic
    
90. debug3: Trying to reverse map address 192.168.1.123.
    
91. debug1: Unspecified GSS failure.  Minor code may provide more information
    
92. Cannot determine realm for numeric host address
    
93. 
    
94. debug1: Unspecified GSS failure.  Minor code may provide more information
    
95. Cannot determine realm for numeric host address
    
96. 
    
97. debug1: Unspecified GSS failure.  Minor code may provide more information
    
98. 
    
99. 
    
100. debug1: Unspecified GSS failure.  Minor code may provide more information
     
101. Cannot determine realm for numeric host address
     
102. 
     
103. debug2: we did not send a packet, disable method
     
104. debug3: authmethod_lookup publickey
     
105. debug3: remaining preferred: keyboard-interactive,password
     
106. debug3: authmethod_is_enabled publickey
     
107. debug1: Next authentication method: publickey
     
108. debug1: Trying private key: /home/yzj/.ssh/identity
     
109. debug3: no such identity: /home/yzj/.ssh/identity
     
110. debug1: Trying private key: /home/yzj/.ssh/id_rsa
     
111. debug3: no such identity: /home/yzj/.ssh/id_rsa
     
112. debug1: Trying private key: /home/yzj/.ssh/id_dsa
     
113. debug3: no such identity: /home/yzj/.ssh/id_dsa
     
114. debug1: Trying private key: /home/yzj/.ssh/id_ecdsa
     
115. debug3: no such identity: /home/yzj/.ssh/id_ecdsa
     
116. debug2: we did not send a packet, disable method
     
117. debug3: authmethod_lookup password
     
118. debug3: remaining preferred: ,password
     
119. debug3: authmethod_is_enabled password
     
120. debug1: Next authentication method: password
     
121. test@192.168.1.123's password:
     
122. debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
     
123. debug2: we sent a password packet, wait for reply
     
124. debug3: Wrote 144 bytes for a total of 1421
     
125. debug1: Authentication succeeded (password).
     
126. debug1: channel 0: new [client-session]
     
127. debug3: ssh_session2_open: channel_new: 0
     
128. debug2: channel 0: send open
     
129. debug1: Entering interactive session.
     
130. debug3: Wrote 64 bytes for a total of 1485
     
131. debug2: callback start
     
132. debug2: client_session2_setup: id 0
     
133. debug2: channel 0: request pty-req confirm 1
     
134. debug1: Sending environment.
     
135. debug3: Ignored env HOSTNAME
     
136. debug3: Ignored env SHELL
     
137. debug3: Ignored env TERM
     
138. debug3: Ignored env HISTSIZE
     
139. debug3: Ignored env USER
     
140. debug3: Ignored env LS_COLORS
     
141. debug3: Ignored env MAIL
     
142. debug3: Ignored env PATH
     
143. debug3: Ignored env PWD
     
144. debug1: Sending env LANG = en_US.UTF-8
     
145. debug2: channel 0: request env confirm 0
     
146. debug3: Ignored env HISTCONTROL
     
147. debug3: Ignored env SHLVL
     
148. debug3: Ignored env HOME
     
149. debug3: Ignored env LOGNAME
     
150. debug3: Ignored env LESSOPEN
     
151. debug3: Ignored env G_BROKEN_FILENAMES
     
152. debug3: Ignored env _
     
153. debug2: channel 0: request shell confirm 1
     
154. debug2: fd 3 setting TCP_NODELAY
     
155. debug2: callback done
     
156. debug2: channel 0: open confirm rwindow 0 rmax 32768
     
157. debug3: Wrote 448 bytes for a total of 1933
     
158. debug2: channel_input_status_confirm: type 99 id 0
     
159. debug2: PTY allocation request accepted on channel 0
     
160. debug2: channel 0: rcvd adjust 2097152
     
161. debug2: channel_input_status_confirm: type 99 id 0
     
162. debug2: shell request accepted on channel 0
     
163. Last login: Tue Jan 20 09:11:36 2015 from 192.168.1.20

复制代码

wenhq

ssh 手动上去了啊。但是paramiko的日志能否也提供一下呢。

zzfzqq

控制下线程数量 如果线程数量太多 ssh就会报错。 建议线程数在10个左右就ok。

Linux_manne

我觉得是线程的关系  你开了几个线程？