我的一个工作站(以前是 22.04.1 服务器版本,但根据 NUC 兼容性列表,最新的 BIOS 和 dbx EUFI 数据库升级迫使我降级到工作站,因为服务器版本在内核恐慌中循环(NUC 10i7FNH BIOS:59 UEFI dbx:267。详情如下:
sudo fwupdmgr 获取设备
NUC10i7FNH
│
├─SSD 970 EVO Plus 2TB:
│ Summary: NVM Express solid state drive
│ Current version: 2B2QEXM7
│ Vendor: Samsung (NVME:0x144D)
├─System Firmware:
│ │ Summary: UEFI ESRT device
│ │ Current version: 59
│ │ Minimum Version: 59
│ │ Vendor: Intel(R) Client Systems (DMI:Intel Corp.)
│ │ Update State: Success
│ └─UEFI dbx:
│ Summary: UEFI revocation database
│ Current version: 267
│ Minimum Version: 267
│ Vendor: UEFI:Linux Foundation
│ Install Duration: 1 second
└─Thunderbolt host controller:
Summary: Unmatched performance for high-speed I/O
Current version: 42.00
Vendor: Intel Corporation (THUNDERBOLT:0x8086, TBT:0x8086)
该“多宿主无头工作站”通过 netplan 配置了绑定和 VLAN,并且它应该运行 sshd 来监听它的某些(并非全部)接口。
192.16.0.150/24 (for admin only from admin vlan) port 22
10.0.1.150/24 (key users from lab 1 vlan) port 22
10.0.2.150/24 (key users from lab 2 vlan) port 22
10.0.3.150/24 (key users from lab 3 vlan) port 22
10.0.4.150/24 (key users from lab 4 vlan) port 22
other vlans (storage, backup, data/application, etc.) are supposed to be without users that need to get a ssh connection.
安装 sshd 之后,无需定制 sshd_config,一切正常,所有接口都可以获得其 sshd 监听器,甚至那些应该提供存储/备份或应用程序流的接口也是如此......
我已经进行了几次测试(有或没有端口设置)。
使用端口设置进行测试:
ListenAddress 192.168.0.200:22
ListenAddress 10.0.1.200:22
ListenAddress 10.0.2.200:22
ListenAddress 10.0.3.200:22
ListenAddress 10.0.4.200:22
不设置端口测试:
ListenAddress 192.168.0.200
ListenAddress 10.0.1.200
ListenAddress 10.0.2.200
ListenAddress 10.0.3.200
ListenAddress 10.0.4.200
我运行的所有明确指定了 ListenerAddress 的测试都遇到了同样的问题。systemctl 注意到服务降级:sshd 在系统启动时(引导或重启后)显示失败状态,但 systemctl restart ssh.service 会在下次重启前修复该问题。
sudo systemctl status | head -n 5
● hell
State: degraded
Jobs: 0 queued
Failed: 1 units
Since: Thu 2022-12-08 19:40:14 CET; 9min ago
sudo systemctl status ssh.service
× ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2022-12-08 19:40:15 CET; 9min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 853 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Process: 866 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255/EXCEPTION)
Main PID: 866 (code=exited, status=255/EXCEPTION)
CPU: 15ms
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.4.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.3.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.2.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.1.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 192.168.0.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: fatal: Cannot bind any address.
déc. 08 19:40:15 hell systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
déc. 08 19:40:15 hell systemd[1]: ssh.service: Failed with result 'exit-code'.
déc. 08 19:40:15 hell systemd[1]: Failed to start OpenBSD Secure Shell server.
déc. 08 19:46:17 hell systemd[1]: ssh.service: Unit cannot be reloaded because it is inactive.
sudo systemctl 重启 ssh.service
sudo systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-12-08 19:49:59 CET; 15s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 4248 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 4249 (sshd)
Tasks: 1 (limit: 76717)
Memory: 1.7M
CPU: 12ms
CGroup: /system.slice/ssh.service
└─4249 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
déc. 08 19:49:59 hell systemd[1]: Starting OpenBSD Secure Shell server...
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.4.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.3.150 port 22.
déc. 08 19:49:59 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.2.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.1.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 192.168.0.150 port 22.
有人能解释一下这是什么问题吗?
答案1
非常感谢 Andrew,我已将注意到的第一个选项应用到您的网址中。
mkdir /etc/systemd/system/sshd.service.d
cat > /etc/systemd/system/sshd.service.d/network-online.conf <<EOF
[Unit]
After=network-online.target
EOF
systemctl daemon-reload
没关系!
satan@hell:~$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/sshd.service.d
└─network-online.conf
Active: active (running) since Fri 2022-12-09 18:19:43 CET; 11min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1447 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 1454 (sshd)
Tasks: 1 (limit: 76717)
Memory: 7.7M
CPU: 134ms
CGroup: /system.slice/ssh.service
└─1454 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
déc. 09 18:19:43 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.2.150 port 20022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.1.150 port 10022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 192.168.0.150 port 22.
déc. 09 18:21:39 hell sshd[1489]: Accepted password for satan from 192.168.0.200 port 53816 ssh2
déc. 09 18:21:39 hell sshd[1489]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:23:45 hell sshd[1672]: Accepted password for satan from 192.168.0.200 port 37374 ssh2
déc. 09 18:23:45 hell sshd[1672]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:30:09 hell sshd[3681]: Accepted password for satan from 10.0.4.200 port 53132 ssh2
déc. 09 18:30:09 hell sshd[3681]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
谢谢你!