我需要修改第二个 openssh 服务器源并在 debian 上运行。
我对源代码所做的修改并不真正相关,无论如何它们都会放大日志。
我编译了修改openssh-7.4p1后的
./configure --prefix=/opt --enable-pam --with-pam
make ; make install
然后我创建了/lib/systemd/system/ssh-mod.service:
[Unit]
Description=OpenBSD Secure Shell server modified to log
After=network.target auditd.service sshd.service
#ConditionPathExists=!/opt/etc/sshd-mod_not_to_be_run
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/opt/etc/default/ssh
ExecStart=/opt/sbin/sshd -D -f /opt/etc/sshd_config $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
[Install]
WantedBy=multi-user.target
Alias=sshd-mod.service
是/opt/etc/sshd_config一个标准的 ssh 配置文件,包含以下几行:
Port 22
LogLevel INFO
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
PidFile /var/run/sshd-mod.pid
现在我启动了该服务:
$ sudo systemctl start ssh-mod
该命令无限循环,所以我等到错误消息:
Job for ssh-mod.service failed because a timeout was exceeded.
See "systemctl status ssh-mod.service" and "journalctl -xe" for details.
然后我检查状态:
$ sudo systemctl status ssh-mod
● ssh-mod.service - OpenBSD Secure Shell server modified to log
Loaded: loaded (/lib/systemd/system/ssh-mod.service; enabled; vendor preset: enabled)
Active: activating (start) since Mon 2017-09-04 10:19:50 UTC; 12s ago
Main PID: 15701 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh-mod.service
└─15701 /opt/sbin/sshd -D -f /opt/etc/sshd_config
Sep 04 10:19:50 mymachine systemd[1]: ssh-mod.service: Service hold-off time over, scheduling restart
Sep 04 10:19:50 mymachine systemd[1]: Stopped OpenBSD Secure Shell server modified to log.
Sep 04 10:19:50 mymachine systemd[1]: Starting OpenBSD Secure Shell server modified to log...
Sep 04 10:19:50 mymachine sshd[15701]: Server listening on 0.0.0.0 port 22.
Sep 04 10:19:50 mymachine sshd[15701]: Server listening on :: port 22.
$ journalctl -xe
Sep 04 10:19:50 mymachine systemd[1]: ssh-mod.service: Start operation timed out. Terminating.
Sep 04 10:19:50 mymachine sshd[15549]: Received signal 15; terminating.
Sep 04 10:19:50 mymachine systemd[1]: Failed to start OpenBSD Secure Shell server modified to log.
-- Subject: Unit ssh-mod.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit ssh-mod.service has failed.
--
-- The result is failed.
Sep 04 10:19:50 mymachine systemd[1]: ssh-mod.service: Unit entered failed state.
Sep 04 10:19:50 mymachine systemd[1]: ssh-mod.service: Failed with result 'timeout'.
Sep 04 10:19:50 mymachine systemd[1]: ssh-mod.service: Service hold-off time over, scheduling restart
Sep 04 10:19:50 mymachine systemd[1]: Stopped OpenBSD Secure Shell server modified to log.
-- Subject: Unit ssh-mod.service has finished shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit ssh-mod.service has finished shutting down.
Sep 04 10:19:50 mymachine systemd[1]: Starting OpenBSD Secure Shell server modified to log...
-- Subject: Unit ssh-mod.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit ssh-mod.service has begun starting up.
Sep 04 10:19:50 mymachine sshd[15701]: Server listening on 0.0.0.0 port 22.
Sep 04 10:19:50 mymachine sshd[15701]: Server listening on :: port 22.
实际上,服务结果为“正在激活”,但我可以登录端口 22(另一台服务器正在侦听另一个端口),因此 shell 似乎可以正常工作。
我不知道是什么原因造成的,日志不是那么明确。
我缺少什么?为什么服务挂了?
如果您需要更多信息,请告诉我。
我按照上面的步骤操作红帽文档。
答案1
我在另一个 systemd 系统(Ubuntu 16.04.3 LTS,但由可能进行了修改的 HPC 供应商提供)上看到了相同的行为。
据我所知,问题在于 Type=notify,并且 sshd 没有或无法使用 sd_notify(3) 或类似于 systemd 发送通知消息。所以 systemd 永远不会收到它已启动的消息。
我现在所做的是在 /etc/systemd/system/ssh.service 中创建一个覆盖(作为 /lib/systemd/system/ssh.service 的副本)并将类型从通知更改为分叉。然后从 ExecStart 中删除 -D,这样 sshd 将分叉其守护进程。
然后 systemctl daemon-reload 并重新启动 ssh 以确保其正常工作。
正确的解决方法是让 ssh 服务再次与 Type=notify 一起使用,但我今天没有时间这样做。希望这对某人有帮助。