如何指示“sshd”在分叉时使用其绝对路径?

如何指示“sshd”在分叉时使用其绝对路径?

我有一台较旧的 PowerMac G5 和一台需要现代 SSH 访问的 PowerPC。没有供应商支持。我更新了 OpenSSL 和 OpenSSH,并将它们安装在 中/usr/local。更新的sshd位于/usr/local/sbin/sshd并监听端口 1522。

与服务器的连接被拒绝,客户端显示ssh_exchange_identification: Connection closed by remote host。我-d在服务器上启用了日志记录,它的写入/var/log/sshd.log:sshd re-exec requires execution with an absolute pathstderr

以下是测试连接的完整记录:

$ grep -I -R sshd /var/log 2>/dev/null
/var/log/appfirewall.log:Aug 23 13:15:22 riemann.local socketfilterfw[122] <Info>: sshd is listening from 0.0.0.0:1522 proto=6
/var/log/appfirewall.log:Aug 23 13:15:22 riemann.local socketfilterfw[122] <Info>: sshd is listening from :::1522 proto=6
/var/log/sshd.log:Aug 23 13:16:43 riemann.local launchproxy[362] <Info>: /usr/local/sbin/sshd: Connection from: 127.0.0.1 on port: 49157
/var/log/sshd.log:sshd re-exec requires execution with an absolute path

当我在构建时配置 OpenSSH 时,我不记得与 fork 行为相关的选项。./configure --help | egrep "(fork|re-exec)"没有返回任何内容。我使用 进行配置./configure --without-ssh1 --with-ssl-dir=/usr/local/ssl/darwin --with-zlib=/usr/local --prefix=/usr/local

我该如何在分叉时sshd使用它的绝对路径(/usr/local/sbin/sshd)?


编辑. 出现错误信息sshd re-exec requires execution with an absolute path是由 中的以下内容引起的sshd.c。它出现在第 1625 行附近:

if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
    fatal("sshd re-exec requires execution with an absolute path");

更改代码以打印av[0]显示没有可执行文件或路径。新消息(由于以下更改)包括(re-exec with "-i -d")

if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
    fatal("sshd re-exec requires execution with an absolute path (re-exec with \"%s\")", (av[0] ? av[0] : "<NULL>"));

不幸的是,将 plist 更改为:

    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/sshd -i -d</string>
    </array>

结果如下(注意sshd.c仍然删除了我在 输入的绝对路径argv[0]):

$ sudo grep 'sshd' /var/log/* 2>/dev/null
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on :: failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: fatal: Cannot bind any address.

我不知道 Launchd 在启动时如何/使用什么来启动守护进程,但 plist 如下所示。启动正常;问题发生在客户端在 fork/exec 期间连接时。

一旦启动,我可以用 停止它sudo launchctl unload /System/Library/LaunchDaemons/ssh-7.1.plist。然后我可以用 重新启动它sudo launchctl load /System/Library/LaunchDaemons/ssh-7.1.plist


$ cat /System/Library/LaunchDaemons/ssh-7.1.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.openssh.sshd-v7.1</string>
    <key>Program</key>
    <string>/usr/local/sbin/sshd</string>
    <key>ProgramArguments</key>
    <array>
        <string>-i -d</string>
    </array>
    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>1522</string>
            </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>StandardErrorPath</key>
    <string>/var/log/sshd.log</string>
    <key>SHAuthorizationRight</key>
    <string>system.preferences</string>
</dict>
</plist>

答案1

问题出在根据提供的信息复制的 plist 文件中服务器故障问题/答案。plist 需要明确标注usr/local/sbin/sshdProgramArguments

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.openssh.sshd.7-1</string>
    <key>Program</key>
    <string>/usr/local/sbin/sshd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/sshd</string>
        <string>-i</string>
    </array>
    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>1522</string>
            </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
    <key>SHAuthorizationRight</key>
    <string>system.preferences</string>
</dict>
</plist>

相关内容