What would prevent the following command from reattaching to an existing screen session on a remote server?
ssh -t server2 "screen -dr admin"
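Machines server1 and server2 both have a screen session named 'admin' running. On server1, the command works perfectly and reattaches to the 'admin' screen session. However, when the same is attempted on server2, the connection closes with the following message: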
"screen" isn't allowed to be executed.
Connection to server2 closed.
server1 /var/log/auth.log
Successful reattach to the screen session:
Jul 13 04:40:02 server1 sshd[3995]: Accepted publickey for dbkeys from 192.168.1.170 port 52434 ssh2: RSA a4:41:1e:62:66:33:35:5f:b0:d4:a7:cd:d9:b1:20:0d
Jul 13 04:40:02 server1 sshd[3995]: pam_unix(sshd:session): session opened for user dbkeys by (uid=0)
Jul 13 04:40:02 server1 systemd-logind[1144]: Removed session 9.
Jul 13 04:40:02 server1 systemd-logind[1144]: New session 10 of user dbkeys
server1 is running Linux Mint 17.3
server1 # uname -a
Linux server1 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
server1 # cat /etc/issue
Linux Mint 17.3 Rosa \n \l
server2 /var/log/auth.log
Failed attempt to reattach to the screen session:
Jul 13 11:40:32 server2 sshd[21144]: Accepted publickey for dbkeys from 77.225.135.132 port 52437 ssh2: RSA SHA256:uidABN1IbiI7jQx10VmpWrbCGgyTkGwJaIHiiG6crPI
Jul 13 11:40:32 server2 sshd[21144]: pam_unix(sshd:session): session opened for user dbkeys by (uid=0)
Jul 13 11:40:32 server2 systemd-logind[546]: New session 203 of user dbkeys.
Jul 13 11:40:32 server2 sshd[21183]: Received disconnect from 77.225.135.132 port 52437:11: disconnected by user
Jul 13 11:40:32 server2 sshd[21183]: Disconnected from 77.225.135.132 port 52437
Jul 13 11:40:32 server2 sshd[21144]: pam_unix(sshd:session): session closed for user dbkeys
Jul 13 11:40:32 server2 systemd-logind[546]: Removed session 203.
server2 is running Ubuntu 16.04.2
root@server2:/var/log# uname -a
Linux audit.bitmark.io 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root@server2:/var/log# cat /etc/issue
Ubuntu 16.04.2 LTS \n \l
The /etc/ssh/sshd_config files on server1 and server2 are identical.
What is disallowing screen from being executed on server2?
Answer 1
The problem was the login shell. On server2, sudosh is used as the login shell instead of /bin/bash.
The relevant line in /etc/passwd:
dbkeys:x:1000:1000:DBKeys,,,:/home/dbkeys:/usr/local/bin/sudosh
However, in /etc/sudosh.conf, the screen program must be explicitly allowed to run:
# Sudosh Configuration File
logdir = /var/log/sudosh
default shell = /bin/bash
delimiter = -
syslog.priority = LOG_INFO
syslog.facility = LOG_LOCAL2
clearenvironment = yes
# Allow Sudosh to execute -c arguments? If so, what?
-c arg allow = scp
-c arg allow = rsync
-c arg allow = screen
-c arg allow = screen
Adding the line at the end of sudosh.conf solved the problem.
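The check described in the answer above, as an added example that is not part of the original post or of sudosh: it reads the login shell from a passwd-format file and, when that shell is sudosh, tests whether a remote command is covered by a "-c arg allow" line. The function names, the first-word matching rule (inferred from the error message quoted in the question) and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic sketch, not part of sudosh. sshd runs a remote command as
# "<login shell> -c '<command>'", so the login shell decides whether it may run.

# Print the login shell of user $1 from the passwd-format file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# Print every program named by a "-c arg allow = PROG" line in sudosh.conf $1.
allowed_c_args() {
    sed -n 's/^[[:space:]]*-c arg allow[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Succeed if user $1 (passwd file $2, sudosh.conf $3) may run remote command $4.
# Assumption: the first word of the command is matched against the allow list.
remote_cmd_allowed() {
    case "$(login_shell "$1" "$2")" in
        */sudosh) ;;
        *) return 0 ;;          # ordinary login shell: no allow list applies
    esac
    prog=${4%% *}               # first word of the command line
    prog=${prog##*/}            # drop any leading directory
    allowed_c_args "$3" | grep -Fxq -- "$prog"
}

# Constructed sample files built from the values shown on this page.
demo=$(mktemp -d)
echo 'dbkeys:x:1000:1000:DBKeys,,,:/home/dbkeys:/usr/local/bin/sudosh' > "$demo/passwd"
printf '%s\n' '# Sudosh Configuration File' 'default shell = /bin/bash' \
    '-c arg allow = scp' '-c arg allow = rsync' > "$demo/before.conf"
{ cat "$demo/before.conf"; echo '-c arg allow = screen'; } > "$demo/after.conf"

for conf in before after; do
    if remote_cmd_allowed dbkeys "$demo/passwd" "$demo/$conf.conf" 'screen -dr admin'; then
        echo "$conf.conf: screen allowed"
    else
        echo "$conf.conf: screen refused"
    fi
done
```

On a real host, pass /etc/passwd and /etc/sudosh.conf instead of the constructed files to see whether a given ssh remote command will be refused before trying it.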