我有一台较旧的 PowerMac G5 和一台需要现代 SSH 访问的 PowerPC。没有供应商支持。我更新了 OpenSSL 和 OpenSSH,并将它们安装在 中/usr/local。更新的sshd位于/usr/local/sbin/sshd并监听端口 1522。
与服务器的连接被拒绝,客户端显示ssh_exchange_identification: Connection closed by remote host。我-d在服务器上启用了日志记录,它的写入/var/log/sshd.log:sshd re-exec requires execution with an absolute path到stderr。
以下是测试连接的完整记录:
$ grep -I -R sshd /var/log 2>/dev/null
/var/log/appfirewall.log:Aug 23 13:15:22 riemann.local socketfilterfw[122] <Info>: sshd is listening from 0.0.0.0:1522 proto=6
/var/log/appfirewall.log:Aug 23 13:15:22 riemann.local socketfilterfw[122] <Info>: sshd is listening from :::1522 proto=6
/var/log/sshd.log:Aug 23 13:16:43 riemann.local launchproxy[362] <Info>: /usr/local/sbin/sshd: Connection from: 127.0.0.1 on port: 49157
/var/log/sshd.log:sshd re-exec requires execution with an absolute path
当我在构建时配置 OpenSSH 时,我不记得与 fork 行为相关的选项。./configure --help | egrep "(fork|re-exec)"没有返回任何内容。我使用 进行配置./configure --without-ssh1 --with-ssl-dir=/usr/local/ssl/darwin --with-zlib=/usr/local --prefix=/usr/local。
我该如何在分叉时sshd使用它的绝对路径(/usr/local/sbin/sshd)?
编辑. 出现错误信息sshd re-exec requires execution with an absolute path是由 中的以下内容引起的sshd.c。它出现在第 1625 行附近:
if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
fatal("sshd re-exec requires execution with an absolute path");
更改代码以打印av[0]显示没有可执行文件或路径。新消息(由于以下更改)包括(re-exec with "-i -d")。
if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
fatal("sshd re-exec requires execution with an absolute path (re-exec with \"%s\")", (av[0] ? av[0] : "<NULL>"));
不幸的是,将 plist 更改为:
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/sshd -i -d</string>
</array>
结果如下(注意sshd.c仍然删除了我在 输入的绝对路径argv[0]):
$ sudo grep 'sshd' /var/log/* 2>/dev/null
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on :: failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: fatal: Cannot bind any address.
我不知道 Launchd 在启动时如何/使用什么来启动守护进程,但 plist 如下所示。启动正常;问题发生在客户端在 fork/exec 期间连接时。
一旦启动,我可以用 停止它sudo launchctl unload /System/Library/LaunchDaemons/ssh-7.1.plist。然后我可以用 重新启动它sudo launchctl load /System/Library/LaunchDaemons/ssh-7.1.plist。
$ cat /System/Library/LaunchDaemons/ssh-7.1.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.openssh.sshd-v7.1</string>
<key>Program</key>
<string>/usr/local/sbin/sshd</string>
<key>ProgramArguments</key>
<array>
<string>-i -d</string>
</array>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>1522</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
<key>StandardErrorPath</key>
<string>/var/log/sshd.log</string>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
</dict>
</plist>
答案1
问题出在根据提供的信息复制的 plist 文件中服务器故障问题/答案。plist 需要明确标注usr/local/sbin/sshd为ProgramArguments:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.openssh.sshd.7-1</string>
<key>Program</key>
<string>/usr/local/sbin/sshd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/sshd</string>
<string>-i</string>
</array>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>1522</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
</dict>
</plist>