为什么 scp 在并行执行多个 scp 时偶尔会失败?
Why does scp sporadically fail, when doing multiple scps in parallel?
我有一个小型应用程序,它试图执行十几个并行 "scp" 运行s,从远程系统中提取文件。通常,它 运行 没问题。
有时,一两个 scp 运行 悄悄死去。
("quiet" 如果从 Linux 拉取。如果从 HP-UX 拉取,我收到一条消息
例如连接被对等方重置。)
如果我将“-v”添加到我的 scp 命令中,那么当出现故障时,我会发现我
获得 "ssh_exchange_identification: read: Connection reset by peer"
(在 Linux 上 ... 还没有在 HP-UX 上尝试过 -v)。
这是典型 运行 的 "scp -v" 输出,'bad'
运行 和 'good' 运行 分歧表明:
Executing: program /usr/bin/ssh host wilbur, user (unspecified), command scp -v -p -f /home/sieler/source/misc/[p-q]*.[ch]
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to wilbur [10.84.3.61] port 22.
debug1: Connection established.
debug1: identity file /Users/sieler/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
'bad'和'good'运行匹配到这里,那么...
差:
ssh_exchange_identification: read: Connection reset by peer
好:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to wilbur:22 as 'sieler'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
...
虽然脚本和 scp 运行s 的常用主机是 Mac, 运行ning OS X 10.11.4,但问题已重现to/from几种组合
Mac/Linux/HP-UX(足以排除它是 Mac 或 HP-UX 特定问题)。
IIRC,使用scp从Linux拉到Mac有问题,
以及从 HP-UX 拉到 Mac,从 Linux 拉到 HP-UX。
还没有尝试从 Mac 或 HP-UX 拉到 Linux.
scp/ssh/openssh 并行使用有时会失败吗?
如果我运行sshd在Linux系统上用-ddd,然后恶魔停止后
第一个 scp 访问它( scp 没有问题),
其他十一个 scp 运行 失败了。
谢谢
这可能是由于 sshd_config 中并行会话的限制造成的。默认情况下,服务器配置为执行“随机早期丢弃”,这意味着如果活动量大于某个限制,则拒绝新连接。负责的选项是 MaxStartups(来自 man sshd_config):
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
将该值设置为大于您预期的连接数应该可以解决您的问题。否则,您可以在 sshd_config 中设置 LogLevel DEBUG3 以在系统日志中查看更多日志。
但是当您连接到同一台服务器时,最好使用连接多路复用。它会更快,你不会有这些问题。查看 ssh_config 中的 ControlMaster 选项或只查看 以快速游览这个“魔法”。
我有一个小型应用程序,它试图执行十几个并行 "scp" 运行s,从远程系统中提取文件。通常,它 运行 没问题。 有时,一两个 scp 运行 悄悄死去。 ("quiet" 如果从 Linux 拉取。如果从 HP-UX 拉取,我收到一条消息 例如连接被对等方重置。)
如果我将“-v”添加到我的 scp 命令中,那么当出现故障时,我会发现我 获得 "ssh_exchange_identification: read: Connection reset by peer" (在 Linux 上 ... 还没有在 HP-UX 上尝试过 -v)。
这是典型 运行 的 "scp -v" 输出,'bad' 运行 和 'good' 运行 分歧表明:
Executing: program /usr/bin/ssh host wilbur, user (unspecified), command scp -v -p -f /home/sieler/source/misc/[p-q]*.[ch]
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to wilbur [10.84.3.61] port 22.
debug1: Connection established.
debug1: identity file /Users/sieler/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
'bad'和'good'运行匹配到这里,那么...
差:
ssh_exchange_identification: read: Connection reset by peer
好:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to wilbur:22 as 'sieler'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
...
虽然脚本和 scp 运行s 的常用主机是 Mac, 运行ning OS X 10.11.4,但问题已重现to/from几种组合 Mac/Linux/HP-UX(足以排除它是 Mac 或 HP-UX 特定问题)。
IIRC,使用scp从Linux拉到Mac有问题,
以及从 HP-UX 拉到 Mac,从 Linux 拉到 HP-UX。
还没有尝试从 Mac 或 HP-UX 拉到 Linux.
scp/ssh/openssh 并行使用有时会失败吗?
如果我运行sshd在Linux系统上用-ddd,然后恶魔停止后
第一个 scp 访问它( scp 没有问题),
其他十一个 scp 运行 失败了。
谢谢
这可能是由于 sshd_config 中并行会话的限制造成的。默认情况下,服务器配置为执行“随机早期丢弃”,这意味着如果活动量大于某个限制,则拒绝新连接。负责的选项是 MaxStartups(来自 man sshd_config):
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the
LoginGraceTimeexpires for a connection. The default is 10:30:100.Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
将该值设置为大于您预期的连接数应该可以解决您的问题。否则,您可以在 sshd_config 中设置 LogLevel DEBUG3 以在系统日志中查看更多日志。
但是当您连接到同一台服务器时,最好使用连接多路复用。它会更快,你不会有这些问题。查看 ssh_config 中的 ControlMaster 选项或只查看