Debian 10 (buster) sshd 将无法正确运行

Debian 10 (buster) sshd 将无法正确运行

我在 Debian 10 (buster) 上遇到 sshd 问题。当我尝试从远程访问时,连接被自动拒绝,并且当我尝试重新启动 ssh.service 时,该进程保持阻塞状态,直到显示超时错误:

sudo /etc/init.d/ssh restart
Restarting ssh (via systemctl): ssh.serviceJob for ssh.service failed because a timeout was exceeded.
See "systemctl status ssh.service" and "journalctl -xe" for details.
 failed!

我必须远程登录的唯一方法是重新安装openssh-server(wt..?是的)

ssh.service 单元如下(默认)

[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target
Alias=sshd.service

/etc/ssh/sshd_config也是下面这个:

#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 22
AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
#Subsystem  sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

这里发生了什么事 ?

更新#1:

这是journalctl -xe输出

Feb 14 08:23:04 arm systemd[1]: systemd-fsckd.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit systemd-fsckd.service has successfully entered the 'dead' state.
Feb 14 08:23:05 arm systemd[1]: apt-daily-upgrade.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit apt-daily-upgrade.service has successfully entered the 'dead' state.
Feb 14 08:23:05 arm systemd[1]: Started Daily apt upgrade and clean activities.
-- Subject: A start job for unit apt-daily-upgrade.service has finished successf
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit apt-daily-upgrade.service has finished successfully.
--
-- The job identifier is 247.
Feb 14 08:23:46 arm sudo[3263]: pam_unix(sudo:auth): authentication failure; log
Feb 14 08:23:50 arm sudo[3263]:      szx : TTY=ttyPS0 ; PWD=/home/szx ; USER=roo
Feb 14 08:23:50 arm sudo[3263]: pam_unix(sudo:session): session opened for user
lines 1141-1163/1163 (END)

这是的输出systemctl status ssh

* ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
   Active: activating (start-pre) since Fri 2020-02-14 08:25:35 UTC; 27s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
Cntrl PID: 3268 (sshd)
   CGroup: /system.slice/ssh.service
           `-3268 /usr/sbin/sshd -t

Feb 14 08:25:35 arm systemd[1]: Starting OpenBSD Secure Shell server...
lines 1-10/10 (END)

更新#2:

我还注意到 sshd 仍然使用-t选项执行:

ps aux | grep sshd
root      3126  0.0  0.2  11828  4936 ?        Ss   08:39   0:00 /usr/sbin/sshd -t
szx       3156  0.0  0.0   3472  1732 ttyPS0   S+   08:39   0:00 grep sshd

我认为这是...中的ExecStartPreExecReload指令的连续性ssh.service

更新#3:

如果我运行,dpkg-reconfigure openssh-server我可以远程登录,但只能在服务器会话结束之前登录。所以我应该dpkg-reconfigure在每次启动后运行......

相关内容