我卸载了 vsftpd,但仍然可以使用 sftp 连接

tag-icon tag-icon ftp sftp vsftpd
我卸载了 vsftpd,但仍然可以使用 sftp 连接

我安装了 vsftpd 并正在配置它。当我发送 vsftpd 服务器停止命令时:

sudo service vsftpd stop

我收到了:

stop: Unknown instance

所以我继续卸载它并重新启动系统

sudo apt-get remove --purge vsftpd

当我“停止”vsftpd 现在它说:

vsftpd: unrecognized service

如果我尝试“卸载”vsftpd,它会显示:

Package vsftpd is not installed, so not removed

问题:但我仍然可以使用 FTP 客户端连接到我的服务器

我怎么也不敢相信有僵尸?即使重新启动后也不会被杀死的进程。有人可以解释一下吗?

系统配置:Ubuntu 12.04.1 Server LTS 作为 Windows 7 主机 VM 上的来宾 VM

根据请求进行 TCP 转储:命令:sudo tcpdump port 22 >tcpdump.log 采取的措施:使用 WinSCP 通过 SFTP 进入来宾操作系统服务器

tcp转储日志:

17:00:42.745423 IP Brown.home.54199 > ubuntu-12.home.ssh: Flags [P.], seq 4076673955:4076673991, ack 3552872727, win 17520, length 36
17:00:42.745442 IP Brown.home.54199 > ubuntu-12.home.ssh: Flags [F.], seq 36, ack 1, win 17520, length 0
17:00:42.746192 IP ubuntu-12.home.ssh > Brown.home.54199: Flags [F.], seq 1, ack 37, win 16616, length 0
17:00:42.746406 IP Brown.home.54199 > ubuntu-12.home.ssh: Flags [.], ack 2, win 17520, length 0
17:00:50.181085 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [S], seq 8389211, win 8192, options [mss 1460,nop,nop,sackOK], length 0
17:00:50.181112 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [S.], seq 1127786298, ack 8389212, win 14600, options [mss 1460,nop,nop,sackOK], length 0
17:00:50.181262 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [.], ack 1, win 17520, length 0
17:00:50.186862 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 1:40, ack 1, win 14600, length 39
17:00:50.187152 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1:31, ack 40, win 17481, length 30
17:00:50.187282 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 31, win 14600, length 0
17:00:50.187476 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 31:639, ack 40, win 17481, length 608
17:00:50.187485 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 639, win 15808, length 0
17:00:50.188653 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 40:1024, ack 639, win 15808, length 984
17:00:50.188900 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 639:655, ack 1024, win 16497, length 16
17:00:50.190537 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 1024:1304, ack 655, win 15808, length 280
17:00:50.240004 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 655:927, ack 1304, win 16217, length 272
17:00:50.254190 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 1304:2152, ack 927, win 17024, length 848
17:00:50.312380 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 927:943, ack 2152, win 17520, length 16
17:00:50.351847 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 943, win 17024, length 0
17:00:50.352298 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 943:995, ack 2152, win 17520, length 52
17:00:50.352316 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 995, win 17024, length 0
17:00:50.352579 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2152:2204, ack 995, win 17024, length 52
17:00:50.361499 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 995:1063, ack 2204, win 17468, length 68
17:00:50.388593 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2204:2272, ack 1063, win 17024, length 68
17:00:50.590761 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [.], ack 2272, win 17400, length 0
17:00:52.960712 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1063:1147, ack 2272, win 17400, length 84
17:00:52.999659 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 1147, win 17024, length 0
17:00:53.037972 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2272:2308, ack 1147, win 17024, length 36
17:00:53.038482 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1147:1215, ack 2308, win 17364, length 68
17:00:53.038510 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 1215, win 17024, length 0
17:00:53.271416 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2308:2360, ack 1215, win 17024, length 52
17:00:53.271628 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1215:1299, ack 2360, win 17312, length 84
17:00:53.271661 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 1299, win 17024, length 0
17:00:53.271864 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1299:1367, ack 2360, win 17312, length 68
17:00:53.271872 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [.], ack 1367, win 17024, length 0
17:00:53.272369 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2360:2448, ack 1367, win 17024, length 88
17:00:53.275151 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1367:1419, ack 2448, win 17224, length 52
17:00:53.275347 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2448:2628, ack 1419, win 17024, length 180
17:00:53.279576 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1419:1471, ack 2628, win 17044, length 52
17:00:53.279717 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2628:2728, ack 1471, win 17024, length 100
17:00:53.280194 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1471:1539, ack 2728, win 16944, length 68
17:00:53.280339 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2728:2796, ack 1539, win 17024, length 68
17:00:53.280546 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1539:1607, ack 2796, win 16876, length 68
17:00:53.280869 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 2796:3504, ack 1607, win 17024, length 708
17:00:53.281105 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1607:1675, ack 3504, win 16168, length 68
17:00:53.281218 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 3504:3588, ack 1675, win 17024, length 84
17:00:53.281416 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1675:1743, ack 3588, win 16084, length 68
17:00:53.281543 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [P.], seq 3588:3656, ack 1743, win 17024, length 68
17:00:53.480952 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [.], ack 3656, win 17520, length 0
17:00:56.881662 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [P.], seq 1743:1779, ack 3656, win 17520, length 36
17:00:56.881688 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [F.], seq 1779, ack 3656, win 17520, length 0
17:00:56.881908 IP ubuntu-12.home.ssh > Brown.home.54223: Flags [F.], seq 3656, ack 1780, win 17024, length 0
17:00:56.882061 IP Brown.home.54223 > ubuntu-12.home.ssh: Flags [.], ack 3657, win 17520, length 0

如果您需要任何其他信息,请告诉我

答案1

SFTP 不是 FTP。它是sftp的子系统ssh,由守护进程处理sshdvsftpd而不是任何 FTP 服务器。它位于sshTCP 端口 (22),而不是 FTP 端口21(当数据连接位于任意端口时,FTP 命令处于打开状态21,FTP 中的多个连接是 SFTP 比 FTP 好得多的众多原因之一)。

ss -lp sport = :22

或者

ss -lp sport = :ssh

会告诉你sshd正在处理那里的连接。

如果您想禁用SFTP但保留ssh访问权限(尽管这没有什么意义,除非用户在该计算机上使用受限 shell 登陆),则必须通过注释掉该行sftp来禁用。sshd_configSubsystem sftp...

答案2

听起来安装的可能vsftpd不是软件包的一部分。

您可以识别哪个进程正在处理 ftp 连接(以 root 身份):

ss -pl sport = :ftp

如果它显示inetdxinetd,您需要查看它们的配置以了解实际运行的命令是什么。

如果没有,则给定进程的 pid ( $pid),执行

dpkg -S "$(readlink -f "/proc/$pid/exe")"

这应该确定该命令属于哪个包(如果有)。如果没有软件包,您可能必须首先了解该软件是如何安装的,因为它可能附带有关如何删除它的说明。

(请注意,zombieUnix 中的进程指的是完全不同的东西)。

答案3

这不是僵尸。最有可能的卸载脚本也没有成功阻止它,而是删除了包上的所有文件和信息。要在不重新启动的情况下恢复,请尝试以下操作:

ps -A|grep vsftp

您将看到一行及其 PID。

然后以root身份使用命令

kill -KILL PID

我希望你能摆脱那个僵尸

答案4

从您的其他评论来看,您似乎没有运行 FTP 服务器。一种可能性是您的计算机或其他地方存在防火墙,它将 FTP 端口重定向到另一台主机,或者它被虚拟化软件拦截。或者,您错了,您根本没有连接到您认为正在连接的机器。提供 FTP 客户端的输出可能有助于澄清。更好的是来自服务器的 TCP 日志,例如tcpdump 'port 21'.

另一种可能性(尽管可能性很小)是您有一个 rootkit 隐藏了服务器进程的存在。

相关内容