我正在尝试使用 Rocketeer 将 Laravel 网站部署到开发服务器(基于 cPanel)。我在维护 SSH 连接时遇到问题,并且服务器在最初建立连接后断开连接。
该过程能够初步建立连接,并且我知道我的公钥认证正在起作用,因为我能够使用语法直接连接到服务器。ssh [email protected]
服务器上的日志文件被 grep 以显示相关行,如下所示:
root@cyrus [/var/log]# cat secure | grep 79.125.223.206
Jul 23 05:55:26 tri sshd[8502]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:55:51 tri sshd[8532]: Connection closed by 79.125.223.206
Jul 23 05:56:01 tri sshd[8538]: Accepted publickey for nrfiorg from 79.125.223.206 port 54142 ssh2
Jul 23 05:56:09 tri sshd[8542]: Received disconnect from 79.125.223.206: 11: disconnected by user
Jul 23 05:56:18 tri sshd[8588]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:56:54 tri sshd[8601]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:57:05 tri sshd[8607]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:58:43 tri sshd[8668]: Accepted password for nrfiorg from 79.125.223.206 port 54521 ssh2
Jul 23 05:58:45 tri sshd[8672]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:58:47 tri sshd[8698]: Accepted password for nrfiorg from 79.125.223.206 port 54524 ssh2
Jul 23 05:58:48 tri sshd[8702]: Received disconnect from 79.125.223.206: 11:
Jul 23 05:58:50 tri sshd[8720]: Accepted password for nrfiorg from 79.125.223.206 port 54527 ssh2
Jul 23 05:58:51 tri sshd[8733]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:01:36 tri sshd[8997]: Accepted password for nrfiorg from 79.125.223.206 port 54960 ssh2
Jul 23 06:01:38 tri sshd[9001]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:03:10 tri sshd[9083]: Accepted password for nrfiorg from 79.125.223.206 port 55237 ssh2
Jul 23 06:03:12 tri sshd[9091]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:03:16 tri sshd[9117]: Accepted password for nrfiorg from 79.125.223.206 port 55266 ssh2
Jul 23 06:03:17 tri sshd[9121]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:03:21 tri sshd[9152]: Accepted password for nrfiorg from 79.125.223.206 port 55295 ssh2
Jul 23 06:03:23 tri sshd[9160]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:03:25 tri sshd[9186]: Accepted password for nrfiorg from 79.125.223.206 port 55322 ssh2
Jul 23 06:03:27 tri sshd[9190]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:03:43 tri sshd[9216]: Accepted password for nrfiorg from 79.125.223.206 port 55349 ssh2
Jul 23 06:03:44 tri sshd[9220]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:04:46 tri sshd[9394]: Accepted password for nrfiorg from 79.125.223.206 port 55576 ssh2
Jul 23 06:04:47 tri sshd[9398]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:07:12 tri sshd[9560]: Accepted password for nrfiorg from 79.125.223.206 port 55932 ssh2
Jul 23 06:07:14 tri sshd[9566]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:07:45 tri sshd[9588]: Accepted password for nrfiorg from 79.125.223.206 port 56019 ssh2
Jul 23 06:07:47 tri sshd[9592]: Received disconnect from 79.125.223.206: 11:
Jul 23 06:40:35 tri sshd[10908]: Accepted publickey for nrfiorg from 79.125.223.206 port 60920 ssh2
Jul 23 06:40:52 tri sshd[10914]: Received disconnect from 79.125.223.206: 11: disconnected by user
Jul 23 06:41:15 tri sshd[10997]: Accepted publickey for root from 79.125.223.206 port 61639 ssh2
root@cyrus [/var/log]# cat lfd.log | grep 79.125.223.206
Jul 23 13:24:36 cyrus lfd[10267]: *WHM/cPanel root access* from 79.125.223.206
root@cyrus [/var/log]# cat messages | grep 79.125.223.206
root@cyrus [/var/log]#
从上面可以明显看出,连接建立后 1-2 秒就会断开。
相同的部署脚本,配置方式完全相同,但部署到位于不同基于 cPanel 的机器上的暂存服务器,可成功执行。
两个 cPanel 服务器的配置方式相同,但是两个服务器上的防火墙配置可能存在细微差别,但是,我不确定如何区分两台机器上的防火墙配置,以查看是否存在任何细微差别,这些差别可能会阻止开发服务器维持连接和执行部署脚本。
如有任何建议,我们将不胜感激。
谢谢。
更新
好的,有一些不同之处。
为了方便起见,我将调用有问题的服务器dev和正常运行的服务器staging。
dev:密码验证是
staging:密码验证无
dev:X11Forwarding 否 staging:X11Forwarding 是
两者都有 csf,但有几点不同:
dev: DROP_OUT_LOGGING = “1” staging: DROP_OUT_LOGGING = “0”
dev: LF_SSHD = “20” staging: LF_SSHD = “5”
dev: LF_SSHD_PERM =“3600” staging: LF_SSHD_PERM =“1”
dev: CT_LIMIT = “300” staging: CT_LIMIT = “0”
dev: CT_INTERVAL =“120” staging: CT_INTERVAL =“30”
dev: CT_SKIP_TIME_WAIT = “1” staging: CT_SKIP_TIME_WAIT = “0”
答案1
您的防火墙在 dev 和 staging 之间存在一些与 ssh 相关的差异:
开发:LF_SSHD =“20” 暂存:LF_SSHD =“5”
开发:LF_SSHD_PERM =“3600” 暂存:LF_SSHD_PERM =“1”
这些值用于阻止尝试连接过于频繁的 IP 地址。由于您正在重试部署脚本,因此您可能在那里触发了最大值。您应该更改暂存服务器上的值以匹配开发服务器上的值。