无法使用 IPv6 通过 SSH 推送/拉取 bitbucket

Posted 2023-02-22

【中文标题】无法使用 IPv6 通过 SSH 推送/拉取 bitbucket

【英文标题】：Can't push/pull to bitbucket via SSH using IPv6

【发布时间】：2017-08-10 20:37:31

【问题描述】：

当我可以推/拉到 bitbucket 时：

通过 ssh 密钥从我的工作计算机id_rsa_bitbucket_work 从我的笔记本电脑，但仅在通过 ssh 密钥 id_rsa_bitbucket 登录到 *** (Cisco AnyConnect) 时。我的 *** 有一个静态 IP。 始终使用 https。

当我无法推/拉到 bitbucket 时：

通过 ssh 密钥 ida_rsa_bitbucket 随时从我的笔记本电脑连接 ***。 当我不在 *** 上时，从我的工作网络网络上的笔记本电脑，即使我名义上在与 *** 相同的网络上。

我的~/.ssh/config 中的相应条目是：

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket

无论我通过什么网络/***，通过 SSH 连接到 github 存储库始终有效。

我已检查以确保：

我的 SSH 代理正在运行并加载了正确的密钥。 无论 *** 设置如何，我的 SSH 代理都会分发相同的密钥。

ssh -Tv bitbucket 未登录 *** 时的输出为：

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::150] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-127
debug1: no match: conker_1.0.284-7b46313 app-127
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([2401:1d80:1010::150]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1776 bytes, in 10.1 seconds
Bytes per second: sent 401.8, received 176.3
debug1: Exit status -1

它似乎可以连接和验证（通过 IPv6？），但退出并出现错误。

ssh -Tv bitbucket 登录我的 *** 时的输出是：

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::151] port 22.
debug1: connect to address 2401:1d80:1010::151 port 22: Permission denied
debug1: Connecting to bitbucket.org [104.192.143.3] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-125
debug1: no match: conker_1.0.284-7b46313 app-125
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([104.192.143.3]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
logged in as faustin315.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1984 bytes, in 0.2 seconds
Bytes per second: sent 16284.6, received 7981.4
debug1: Exit status 0

它似乎可以连接和验证（通过 IPv4？），一切都很好。

更新： 在 bitbucket 的网站上找到this issue 后，我尝试将104.192.143.2 bitbucket.org 添加到我的/etc/hosts 文件中。这并没有解决问题。

【参考方案1】：

在获得 Bitbucket 支持的大量帮助后更新：

经过更多研究，问题似乎出在我的路由器端（Linksys E3200），并且在某种程度上与 IPv6 有关。我可以毫无问题地访问仅限 IPv6 的站点，并且在 github 上一切正常（这是因为 github 仅支持 IPv4）。但是，有一些东西被过滤掉了，SSH 需要正常工作。如果我直接插入调制解调器并运行ssh -Tvv bitbucket，它将通过 IPv6 正确验证。

为了解决这个问题（当我购买新路由器时），我通过将AddressFamily inet 添加到我的~/.ssh/config file（感谢：https://***.com/a/35113901/7735643）来强制连接到 bitbucket 以仅使用 IPv4。因此，bitbucket 的更新条目现在显示为：

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket
     AddressFamily inet

【讨论】：

我刚搬家并更换了互联网供应商。这让我非常恼火，感谢您的帮助:)

哇。我花了几个月的时间试图解决这个问题。就我而言，我的猜测是我的 Internet 提供商 (Claro ARG) 在路由器级别阻止了 IPv6 流量。我使用您的解决方案，但我还将 bitbucket.org 添加为具有相同配置的单独主机。谢谢！