What the heck is overriding my SSH login path?

I have a server running a Gogs instance (a self-hosted GitHub clone).

I recently did a manual upgrade and moved a lot of things around, including changing the username that remote users log in as.

Somehow, I now cannot ssh in as the git user (named gogs):

Durr@DURRCOMP ~
$ ssh --noprofile [email protected]
PTY allocation request failed on channel 0
bash: /home/git/go/src/github.com/gogits/gogs/gogs: No such file or directory
Connection to 192.168.1.8 closed.

Something, somewhere, is executing (or trying to execute) the binary /home/git/go/src/github.com/gogits/gogs/gogs, which did exist before the changes.

However, I have no idea what is inserting it into the login process.

The shell of the user gogs:

root@vcsbox:/etc/gogs/conf# cat /etc/passwd | grep gogs
gogs:x:109:119::/home/gogs:/bin/bash
root@vcsbox:/etc/gogs/conf#

The user gogs has no .bashrc or .profile:

gogs@vcsbox:~$ pwd
/home/gogs
gogs@vcsbox:~$ ls -a
.  ..  .bash_history  .cache  .gitconfig  gogs-repositories  .nano_history  .ssh
gogs@vcsbox:~$

/etc/profile looks normal:

gogs@vcsbox:~$ cat /etc/profile
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "$PS1" ]; then
  if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

# The default umask is now handled by pam_umask.
# See pam_umask(8) and /etc/login.defs.

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi
gogs@vcsbox:~$

And /etc/profile.d/ contains nothing particularly suspicious:

gogs@vcsbox:/etc/profile.d$ ls
bash_completion.sh  Z97-byobu.sh
gogs@vcsbox:/etc/profile.d$ cat *
# Check for interactive bash and that we haven't already been sourced.
if [ -n "$BASH_VERSION" -a -n "$PS1" -a -z "$BASH_COMPLETION_COMPAT_DIR" ]; then

# Check for recent enough version of bash.
bash=${BASH_VERSION%.*}; bmajor=${bash%.*}; bminor=${bash#*.}
if [ $bmajor -gt 4 ] || [ $bmajor -eq 4 -a $bminor -ge 1 ]; then
    [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] && \
        . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
    if shopt -q progcomp && [ -r /usr/share/bash-completion/bash_completion ]; then
        # Source completion code.
        . /usr/share/bash-completion/bash_completion
    fi
fi
unset bash bmajor bminor

fi
#!/bin/sh
#    Z97-byobu.sh - allow any user to opt into auto-launching byobu
#    Copyright (C) 2011 Canonical Ltd.
#
#    Authors: Dustin Kirkland <[email protected]>
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, version 3 of the License.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Allow any user to opt into auto-launching byobu by setting LC_BYOBU=1
# Apologies for borrowing the LC_BYOBU namespace, but:
#  a) it's reasonable to assume that no one else is using LC_BYOBU
#  b) LC_* is sent and receieved by most /etc/ssh/ssh*_config
if [ -n "$LC_BYOBU" ] && [ "$LC_BYOBU" -gt 0 ] && [ -r "/usr/bin/byobu-launch" ]; then
        . /usr/bin/byobu-launch
elif [ "$LC_TERMTYPE" = "byobu" ] && [ -r "/usr/bin/byobu-launch" ]; then
        . /usr/bin/byobu-launch
elif [ "$LC_TERMTYPE" = "byobu-screen" ] && [ -r "/usr/bin/byobu-launch" ]; then
        export BYOBU_BACKEND="screen"
        . /usr/bin/byobu-launch
elif [ "$LC_TERMTYPE" = "byobu-tmux" ] && [ -r "/usr/bin/byobu-launch" ]; then
        export BYOBU_BACKEND="tmux"
        . /usr/bin/byobu-launch
fi

# vi: syntax=sh ts=4 noexpandtab
gogs@vcsbox:/etc/profile.d$

I even did a brute-force search of the entire filesystem for the offending path:

root@vcsbox:/etc/gogs/conf# find / -type f | xargs grep gogits 2>/dev/null
/etc/gogs/conf/app.ini:; More detail: https://github.com/gogits/gogs/issues/165
/etc/gogs/conf/app.ini:COOKIE_NAME = i_like_gogits
root@vcsbox:/etc/gogs/conf#

So. Given the above, where could the command possibly be coming from?

The system is Ubuntu 14.04 LTS (server edition).

Answer 1

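A command can be forced through an option in the .ssh/authorized_keys file. Obviously, this command will only be run when you try to log in with that specific ssh key. Maybe check that file?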
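
To illustrate the answer above (an added example, not part of the original post or of Gogs): this script lists the command="..." options in an authorized_keys file and flags forced commands whose program no longer exists. The sample file, its placeholder key blobs and the function names forced_commands and audit_forced_commands are constructed for illustration; the missing path is the one from the question.

```shell
# Added example (not from the original post): find forced commands in an
# authorized_keys file and flag ones whose program no longer exists.

# forced_commands FILE: print "LINE<TAB>COMMAND" for each key entry whose
# options field carries command="...".
forced_commands() {
    awk '
    function emit(opt) {
        if (tolower(substr(opt, 1, 8)) == "command=")
            print NR "\t" substr(opt, 9)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        n = length(line); inq = 0; cur = ""
        # Options are comma-separated and end at the first unquoted blank.
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\" && substr(line, i + 1, 1) == "\"") {
                cur = cur "\""; i++        # \" inside quotes is a literal quote
            } else if (c == "\"") {
                inq = !inq
            } else if (!inq && (c == "," || c == " " || c == "\t")) {
                emit(cur); cur = ""
                if (c != ",") break        # reached key type or key blob
            } else {
                cur = cur c
            }
        }
    }' "$1"
}

# audit_forced_commands FILE: report OK/MISSING for each forced program.
audit_forced_commands() {
    forced_commands "$1" | while IFS="$(printf '\t')" read -r lineno cmd; do
        prog=${cmd%% *}                    # first word is the program path
        if [ -x "$prog" ]; then status=OK; else status=MISSING; fi
        printf '%s:%s: %s %s\n' "$1" "$lineno" "$status" "$prog"
    done
}

# Constructed sample file; key blobs are placeholders, not real keys.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed authorized_keys
command="/home/git/go/src/github.com/gogits/gogs/gogs serv key-1",no-pty ssh-rsa AAAA_CONSTRUCTED_1 user1
from="192.168.1.*",command="/bin/sh -c \"echo hi\"" ssh-rsa AAAA_CONSTRUCTED_2 user2
ssh-rsa AAAA_CONSTRUCTED_3 user3
EOF
audit_forced_commands "$sample"
```

sshd hands a forced command to the account's login shell, which is why a stale path surfaces as a bash "No such file or directory" error rather than an sshd message. A forced command can also be set server-wide with ForceCommand in sshd_config, so check there as well.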
