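So, I have a weird issue with my RHEL 8.6 test server, a VM on Hyper-V.
The problem is that the SSH service sometimes hangs around midnight.
To connect to the server again, I have to restart it manually in Hyper-V, because I can't log in via SSH while it is frozen.
The weird part is that other services work fine, i.e. httpd, mysqld, etc.
telnet, ping, nmap (port 22 open) and snmp all respond; everything looks fine except SSH.
Nagios 4.4.7 is installed, and when the SSH freeze happens, Nagios's service checks stop too.
I have another server where Nagios monitors the problematic server; snmp works fine, and I can also see that CPU and RAM are OK.
When I try to log in with SSH, I get no response... but at debug level it seems to connect and then doesn't move forward.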
OpenSSH_6.2p2 (CentrifyDC build 5.1.3-204) (CentrifyDC build 5.1.3-204), OpenSSL 0.9.8w-fips 23 Apr 2012
2023-04-08 12:04:17: debug1: Reading configuration data /etc/centrifydc/ssh/ssh_config
2023-04-08 12:04:17: debug1: /etc/centrifydc/ssh/ssh_config line 48: Applying options for *
2023-04-08 12:04:17: debug2: ssh_connect: needpriv 0
2023-04-08 12:04:17: debug1: Connecting to 10.85.x.x [10.85.x.x] port 22.
2023-04-08 12:04:17: debug1: Connection established.
2023-04-08 12:04:17: debug3: Incorrect RSA1 identifier
2023-04-08 12:04:17: debug3: Could not load "/home/nagios/.ssh/id_rsa" as a RSA1 public key
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_rsa type 1
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_rsa-cert type -1
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_dsa type -1
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_dsa-cert type -1
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_ecdsa type -1
2023-04-08 12:04:17: debug1: identity file /home/nagios/.ssh/id_ecdsa-cert type -1
2023-04-08 12:04:17: debug1: Enabling compatibility mode for protocol 2.0
2023-04-08 12:04:17: debug1: Local version string SSH-2.0-OpenSSH_6.2
[root@hostname ~]# nmap -sU -p 22 10.85.x.x
Starting Nmap 5.51 ( http://nmap.org ) at 2023-04-08 12:09 BOT
Nmap scan report for 10.85.x.x
Host is up (0.0050s latency).
PORT STATE SERVICE
22/udp open|filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
[root@hostname ~]# telnet 10.85.x.x 22
Trying 10.85.x.x...
Connected to 10.85.x.x.
This is from a newer host with RHEL 8.6:
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.85.x.x originally 10.85.x.x
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 10.85.x.x is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.85.x.x originally 10.85.x.x
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug2: ssh_connect_direct
debug1: Connecting to 10.85.x.x [10.85.x.x] port 22.
debug1: connect to address 10.85.x.x port 22: Connection refused
ssh: connect to host 10.85.x.x port 22: Connection refused
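Another thing is that cron jobs stop working too. I have a local script that automatically restarts if a certain file stops being updated, but when the SSH service is frozen, it doesn't run.
This means no cron jobs are actually running. I'm not an expert, but does this depend on SSH, or what else could be the reason these tasks are not executed?
I have already disabled mysqld and ndo2db, but the hang persists.
Tell me where to start so I can figure it out, haha. Thanks!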