XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

got ssh_dispatch_run_fatal when connecting to a server using ssh with vision config #2134

Closed VincentSit closed 1 year ago

VincentSit commented 1 year ago

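Thank you to the project's developers and contributors for their selfless dedication. This problem has puzzled me for a while: whenever I use xray I cannot use ssh, which is very troublesome. I have searched and tried all sorts of things without solving it. Does anyone know where the problem lies?

I've struggled with this issue for a while. SSH doesn't work with my Xray config. This is quite troubling. Is there a solution?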

Server Side

docker-compose.yaml

```yml
version: '3.9'
services:
  nginx:
    image: nginx:stable-alpine
    network_mode: host
    container_name: nginx
    restart: always
    tty: true
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
  xray:
    image: teddysun/xray
    container_name: xray
    tty: true
    restart: always
    network_mode: host
    volumes:
      - ./config.json:/etc/xray/config.json:ro
      - /etc/letsencrypt:/etc/letsencrypt:ro
```

Xray config

```json
{
  "log": {
    "loglevel": "debug"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:cn"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": ["openai.com", "ai.com", "ipinfo.io"],
        "outboundTag": "ss"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0", // "0.0.0.0" Indicates listening to both IPv4 and IPv6
      "port": 8443, // The port on which the server listens
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "xxx", // User ID, perform xray uuid generation, or a string of 1-30 bytes
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "8001",
            "xver": 1
          },
          {
            "alpn": "h2",
            "dest": "8002",
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "certificates": [
            {
              "ocspStapling": 3600,
              "certificateFile": "/etc/letsencrypt/live/xxx.com/fullchain.pem", // For the certificate file, it is recommended to use fullchain (full SSL certificate chain). If there is only a website certificate, v2rayN can be used but v2rayNG cannot be used. Usually, the extension is not distinguished
              "keyFile": "/etc/letsencrypt/live/xxx.com/privkey.pem" // private key file
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    },
    {
      "protocol": "shadowsocks",
      "tag": "ss",
      "settings": {
        "servers": [
          {
            "address": "xxx",
            "port": 1,
            "password": "xxx",
            "method": "xxx"
          }
        ]
      }
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 2, // The handshake time limit when the connection is established, in seconds, the default value is 4, it is recommended to be different from the default value
        "connIdle": 120 // Connection idle time limit in seconds, the default value is 300, it is recommended to be different from the default value
      }
    }
  }
}
```

Nginx Config

```nginx
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80; # IPv6 support
        return 301 https://$host$request_uri;
    }

    server {
        listen 127.0.0.1:8001 proxy_protocol;
        listen [::1]:8001 proxy_protocol; # IPv6 support
        listen 127.0.0.1:8002 http2 proxy_protocol;
        listen [::1]:8002 http2 proxy_protocol; # IPv6 support

        set_real_ip_from 127.0.0.1;
        set_real_ip_from ::1; # IPv6 support

        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            proxy_pass https://www.lovelive-anime.jp;
            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;

            resolver 1.1.1.1;
        }
    }
}
```

Server Log (for ssh with key)

```bash
root@ABCD-123:~/bypassgfw/xray# docker compose up -d --build --force-recreate
[+] Building 0.0s (0/0)
[+] Running 2/2
 ✔ Container nginx Started 0.5s
 ✔ Container xray Started 0.5s
root@ABCD-123:~/bypassgfw/xray# docker logs -f xray
Xray 1.8.1 (Xray, Penetrates Everything.) Custom (go1.20.3 linux/amd64)
A unified platform for anti-censorship.
2023/05/24 15:10:16 [Info] infra/conf/serial: Reading config: /etc/xray/config.json
2023/05/24 15:10:16 [Debug] app/log: Logger started
2023/05/24 15:10:16 [Debug] app/router: MphDomainMatcher is enabled for 3 domain rule(s)
2023/05/24 15:10:16 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:8443
2023/05/24 15:10:16 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:8443
2023/05/24 15:10:16 [Warning] core: Xray 1.8.1 started
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/inbound: firstLen = 65
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/inbound: received request for tcp:1.2.3.4:22
2023/05/24 15:10:29 [Info] [3923774636] app/dispatcher: default route for tcp:1.2.3.4:22
2023/05/24 15:10:29 [Info] [3923774636] transport/internet/tcp: dialing TCP to tcp:1.2.3.4:22
2023/05/24 15:10:29 [Debug] transport/internet: dialing to tcp:1.2.3.4:22
2023/05/24 15:10:29 183.15.176.30:59156 accepted tcp:1.2.3.4:22 [direct]
2023/05/24 15:10:29 [Info] [3923774636] proxy/freedom: connection opened to tcp:1.2.3.4:22, local endpoint my-server-v4-ip:36192, remote endpoint 1.2.3.4:22
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/encoding: XtlsPadding 21 226 0
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/encoding: XtlsPadding 1280 12 0
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/encoding: XtlsPadding 292 196 0
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/encoding: XtlsFilterTls stop filtering44
2023/05/24 15:10:29 [Info] [3923774636] proxy/vless/encoding: XtlsPadding 44 207 1
```

Client Side

Xray config

```json
{
  "log": {
    "loglevel": "debug",
    "access": "/tmp/xray_access.log",
    "error": "/tmp/xray_error.log"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0", // Fill in 0.0.0.0 to allow connections from LAN
      "port": 10808, // local socks listening port
      "protocol": "socks",
      "settings": {
        "udp": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "listen": "0.0.0.0", // Fill in "0.0.0.0" to allow connections from LAN
      "port": 10809, // Local http listening port
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "my-server-ipv4-address", // Address, domain name or IP of the server
            "port": 8443, // Port, consistent with the server
            "users": [
              {
                "id": "xxx", // User ID, consistent with the server
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          },
          {
            "address": "my-server-ipv6-address", // Address, domain name or IP of the server
            "port": 8443, // Port, consistent with the server
            "users": [
              {
                "id": "xxx", // User ID, consistent with the server
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com", // SNI, if "address" is filled with the domain name of the server, it can be left blank. If "address" is filled with the IP of the server, fill in the domain name contained in the certificate of the server here
          "allowInsecure": false,
          "fingerprint": "chrome" // Used to configure the fingerprint of the specified TLS Client Hello, Xray will simulate the TLS fingerprint through the uTLS library, or generate it randomly
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
```

Xray error log

```bash
2023/05/24 15:10:27 [Info] [2031006176] proxy/socks: TCP Connect request to tcp:1.2.3.4:22
2023/05/24 15:10:27 [Info] [2031006176] app/dispatcher: default route for tcp:1.2.3.4:22
2023/05/24 15:10:27 [Info] [2031006176] transport/internet/tcp: dialing TCP to tcp:my-server-ipv4-ip:my-server-ipv4-port
2023/05/24 15:10:27 [Debug] transport/internet: dialing to tcp:my-server-ipv4-ip:my-server-ipv4-port
2023/05/24 15:10:27 [Info] [2031006176] proxy/vless/outbound: tunneling request to tcp:1.2.3.4:22 via my-server-ipv4-ip:my-server-ipv4-port
2023/05/24 15:10:28 [Info] [2031006176] proxy/vless/encoding: Xtls Unpadding new block0 16 content 21 padding 226 0
2023/05/24 15:10:28 [Info] [2031006176] proxy/vless/encoding: Xtls Unpadding new block0 0 content 1280 padding 12 0
2023/05/24 15:10:28 [Info] [2031006176] proxy/vless/encoding: Xtls Unpadding new block0 0 content 292 padding 196 0
2023/05/24 15:10:28 [Info] [2031006176] proxy/vless/encoding: XtlsFilterTls stop filtering44
2023/05/24 15:10:29 [Info] [2031006176] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled
```

Xray access log

```bash
2023/05/24 15:10:27 tcp:127.0.0.1:59154 accepted tcp:1.2.3.4:22 [proxy]
```

SSH with key

```bash
Last login: Wed May 24 14:55:23 on ttys002
➜ tmp ssh -vvv -F /dev/null -i ~/path/to/my-pri-key root@1.2.3.4
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /dev/null
debug2: resolve_canonicalize: hostname 1.2.3.4 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/my-user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/my-user/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/my-user/path/to/my-pri-key type 3
debug1: identity file /Users/my-user/path/to/my-pri-key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 1.2.3.4:22 as 'root'
debug3: record_hostkey: found key type ED25519 in file /Users/my-user/.ssh/known_hosts:82
debug3: record_hostkey: found key type RSA in file /Users/my-user/.ssh/known_hosts:83
debug3: record_hostkey: found key type ECDSA in file /Users/my-user/.ssh/known_hosts:84
debug3: load_hostkeys_file: loaded 3 keys from 1.2.3.4
debug1: load_hostkeys: fopen /Users/my-user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:qiBc3ABvETuEihIYqB8CkMIDaLKwUyfyhxb7FRUb/Eg
debug3: record_hostkey: found key type ED25519 in file /Users/my-user/.ssh/known_hosts:82
debug3: record_hostkey: found key type RSA in file /Users/my-user/.ssh/known_hosts:83
debug3: record_hostkey: found key type ECDSA in file /Users/my-user/.ssh/known_hosts:84
debug3: load_hostkeys_file: loaded 3 keys from 1.2.3.4
debug1: load_hostkeys: fopen /Users/my-user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '1.2.3.4' is known and matches the ED25519 host key.
debug1: Found key in /Users/my-user/.ssh/known_hosts:82
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/my-user/path/to/my-pri-key ED25519 SHA256:F3ypUuQaepsEgtxFUEtk+iFlfgMh7tQ+Syj/pjdxDW8 explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
Bad packet length 2190863375.
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: Connection corrupted
➜ tmp
```

SSH with password

```bash
➜ /tmp ssh -vvv -F /dev/null root@1.2.3.4
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /dev/null
debug2: resolve_canonicalize: hostname 1.2.3.4 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/my-user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/my-user/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/my-user/.ssh/id_rsa type 0
debug1: identity file /Users/my-user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/my-user/.ssh/id_ecdsa type -1
debug1: identity file /Users/my-user/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/my-user/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/my-user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/my-user/.ssh/id_ed25519 type -1
debug1: identity file /Users/my-user/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/my-user/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/my-user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/my-user/.ssh/id_xmss type -1
debug1: identity file /Users/my-user/.ssh/id_xmss-cert type -1
debug1: identity file /Users/my-user/.ssh/id_dsa type -1
debug1: identity file /Users/my-user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 1.2.3.4:22 as 'root'
debug3: record_hostkey: found key type ED25519 in file /Users/my-user/.ssh/known_hosts:132
debug3: record_hostkey: found key type RSA in file /Users/my-user/.ssh/known_hosts:133
debug3: record_hostkey: found key type ECDSA in file /Users/my-user/.ssh/known_hosts:134
debug3: load_hostkeys_file: loaded 3 keys from 1.2.3.4
debug1: load_hostkeys: fopen /Users/my-user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:CjwS7YuTIJaMspi1dgXjDzhd7N3cG5rUBPWC+yTXdHo
debug3: record_hostkey: found key type ED25519 in file /Users/my-user/.ssh/known_hosts:132
debug3: record_hostkey: found key type RSA in file /Users/my-user/.ssh/known_hosts:133
debug3: record_hostkey: found key type ECDSA in file /Users/my-user/.ssh/known_hosts:134
debug3: load_hostkeys_file: loaded 3 keys from 1.2.3.4
debug1: load_hostkeys: fopen /Users/my-user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '1.2.3.4' is known and matches the ED25519 host key.
debug1: Found key in /Users/my-user/.ssh/known_hosts:132
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/my-user/.ssh/id_rsa RSA SHA256:iEYHynSfhrCx1HMMU6v1QkqJq1GAG2fD3o8/T8EMhkA
debug1: Will attempt key: /Users/my-user/.ssh/id_ecdsa
debug1: Will attempt key: /Users/my-user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/my-user/.ssh/id_ed25519
debug1: Will attempt key: /Users/my-user/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/my-user/.ssh/id_xmss
debug1: Will attempt key: /Users/my-user/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
Bad packet length 1735466478.
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: Connection corrupted
➜ /tmp
```

yuhan6665 commented 1 year ago

What is your client version?

aabbccgg commented 1 year ago

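Some version, 170 or earlier, had this bug; the latest 1.7.5 release works fine. I'd suggest upgrading the core on both the client and the server and trying again?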

VincentSit commented 1 year ago

> What is your client version?

Hello, here it is:

```bash
➜  arch
arm64

➜  sw_vers
ProductName:        macOS
ProductVersion:     13.4
BuildVersion:       22F66

➜  which xray
/opt/homebrew/bin/xray

➜  xray --version
Xray 1.7.5 (Xray, Penetrates Everything.) Custom (go1.20.1 darwin/arm64)
A unified platform for anti-censorship.
```

VincentSit commented 1 year ago

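@yuhan6665 @aabbccgg Thanks. I tried it, and the problem is already fixed in 1.8.0 and later versions. Because I installed it with Homebrew, I hadn't noticed the pre-release versions. Thanks again.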
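
A triage helper for `ssh -vvv` output like the logs quoted in this issue, added here as an example (it is not code from the thread or from the Xray project). It finds the `Bad packet length` value, decodes it as the 4-byte length field, and reports whether the failure came before or after `SSH2_MSG_NEWKEYS`; the function name, verdict strings and the second sample are assumptions made for the example.

```python
import re

# OpenSSH only accepts packet lengths from 5 bytes up to 256 KiB; any other
# value is logged as "Bad packet length N." and the connection is dropped.
CIPHER_RE = re.compile(r"kex: server->client cipher: (\S+)")
BAD_LEN_RE = re.compile(r"Bad packet length (\d+)\.")

# Lines taken from the key-based login log in this issue.
ISSUE_EXCERPT = """\
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: SSH2_MSG_NEWKEYS received
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
Bad packet length 2190863375.
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: Connection corrupted
"""

# Constructed sample (not from the issue): ASCII text arriving where the first
# binary packet was expected, before any keys are in use.
CONSTRUCTED_PLAINTEXT = """\
debug1: Local version string SSH-2.0-OpenSSH_9.0
Bad packet length 1349676916.
"""


def triage_ssh_debug(log_text):
    """Locate the bad length in `ssh -vvv` output and classify the failure."""
    report = {"cipher": None, "after_newkeys": False, "bad_length": None,
              "length_bytes": None, "ascii": None, "verdict": "no-bad-length"}
    for line in log_text.splitlines():
        m = CIPHER_RE.search(line)
        if m:
            report["cipher"] = m.group(1)
        if "SSH2_MSG_NEWKEYS received" in line:
            report["after_newkeys"] = True
        m = BAD_LEN_RE.search(line)
        if not m:
            continue
        length = int(m.group(1)) & 0xFFFFFFFF   # the field is a uint32
        raw = length.to_bytes(4, "big")          # network byte order
        report["bad_length"] = length
        report["length_bytes"] = raw.hex()
        if all(0x20 <= b <= 0x7E for b in raw):
            report["ascii"] = raw.decode("ascii")
        if report["after_newkeys"]:
            # Keys are active and earlier encrypted packets were accepted, so
            # an out-of-range length usually means the bytes the client read
            # are not the bytes sshd sent (lost, duplicated or altered on the
            # path between them).
            report["verdict"] = "stream-corrupted-after-newkeys"
        elif report["ascii"]:
            # Cleartext phase: printable bytes mean something wrote text into
            # the connection where a binary packet was expected.
            report["verdict"] = "plaintext-before-newkeys"
        else:
            report["verdict"] = "garbage-before-newkeys"
        break
    return report


if __name__ == "__main__":
    for name, sample in (("issue", ISSUE_EXCERPT),
                         ("constructed", CONSTRUCTED_PLAINTEXT)):
        print(name, triage_ssh_debug(sample))
```

For both logs in this issue the verdict is `stream-corrupted-after-newkeys`, which points at the transport between the SSH client and sshd rather than at keys or authentication.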