Issue with sshd_config / systemctl restart


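One of my workstations (previously the 22.04.1 server edition, but according to the NUC compatibility list, the latest BIOS and UEFI dbx database upgrades forced me to downgrade to the workstation edition, because the server edition was looping in kernel panics): NUC 10i7FNH, BIOS: 59, UEFI dbx: 267. Details below: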

sudo fwupdmgr get-devices

NUC10i7FNH
├─SSD 970 EVO Plus 2TB:
│     Summary:            NVM Express solid state drive
│     Current version:    2B2QEXM7
│     Vendor:             Samsung (NVME:0x144D)
├─System Firmware:
│ │   Summary:            UEFI ESRT device
│ │   Current version:    59
│ │   Minimum Version:    59
│ │   Vendor:             Intel(R) Client Systems (DMI:Intel Corp.)
│ │   Update State:       Success
│ └─UEFI dbx:
│       Summary:          UEFI revocation database
│       Current version:  267
│       Minimum Version:  267
│       Vendor:           UEFI:Linux Foundation
│       Install Duration: 1 second
└─Thunderbolt host controller:
      Summary:            Unmatched performance for high-speed I/O
      Current version:    42.00
      Vendor:             Intel Corporation (THUNDERBOLT:0x8086, TBT:0x8086)

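This "multi-homed headless workstation" is configured with bonding and VLANs via netplan, and it is supposed to run sshd listening on some (not all) of its interfaces.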

192.16.0.150/24 (for admin only from admin vlan) port 22
10.0.1.150/24 (key users from lab 1 vlan) port 22
10.0.2.150/24 (key users from lab 2 vlan) port 22
10.0.3.150/24 (key users from lab 3 vlan) port 22
10.0.4.150/24 (key users from lab 4 vlan) port 22
Other VLANs (storage, backup, data/application, etc.) are supposed to be without users that need to get an ssh connection.

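After installing sshd, without customizing sshd_config, everything works fine: all interfaces get their sshd listener, even those that are supposed to serve storage/backup or application flows...

I have run several tests (with or without the port setting).

Test with the port setting: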

ListenAddress 192.168.0.200:22
ListenAddress 10.0.1.200:22
ListenAddress 10.0.2.200:22
ListenAddress 10.0.3.200:22
ListenAddress 10.0.4.200:22

Test without the port setting:

ListenAddress 192.168.0.200
ListenAddress 10.0.1.200
ListenAddress 10.0.2.200
ListenAddress 10.0.3.200
ListenAddress 10.0.4.200

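All the tests I ran with ListenAddress explicitly specified hit the same problem. systemctl reports the system as degraded: sshd shows a failed state at system startup (after boot or reboot), but systemctl restart ssh.service fixes the issue until the next reboot.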

sudo systemctl status | head -n 5

● hell
    State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Thu 2022-12-08 19:40:14 CET; 9min ago

sudo systemctl status ssh.service

× ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-12-08 19:40:15 CET; 9min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 853 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
    Process: 866 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255/EXCEPTION)
   Main PID: 866 (code=exited, status=255/EXCEPTION)
        CPU: 15ms

déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.4.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.3.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.2.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.1.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 192.168.0.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: fatal: Cannot bind any address.
déc. 08 19:40:15 hell systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
déc. 08 19:40:15 hell systemd[1]: ssh.service: Failed with result 'exit-code'.
déc. 08 19:40:15 hell systemd[1]: Failed to start OpenBSD Secure Shell server.
déc. 08 19:46:17 hell systemd[1]: ssh.service: Unit cannot be reloaded because it is inactive.

sudo systemctl restart ssh.service

sudo systemctl status ssh.service

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-12-08 19:49:59 CET; 15s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 4248 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 4249 (sshd)
      Tasks: 1 (limit: 76717)
     Memory: 1.7M
        CPU: 12ms
     CGroup: /system.slice/ssh.service
             └─4249 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

déc. 08 19:49:59 hell systemd[1]: Starting OpenBSD Secure Shell server...
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.4.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.3.150 port 22.
déc. 08 19:49:59 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.2.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.1.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 192.168.0.150 port 22.

Can someone explain what the problem is?

Answer 1

Many thanks, Andrew. I applied the first option mentioned at your URL.

mkdir /etc/systemd/system/sshd.service.d

cat > /etc/systemd/system/sshd.service.d/network-online.conf <<EOF
[Unit]
After=network-online.target
EOF

systemctl daemon-reload

It's OK!

satan@hell:~$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/sshd.service.d
             └─network-online.conf
     Active: active (running) since Fri 2022-12-09 18:19:43 CET; 11min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1447 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1454 (sshd)
      Tasks: 1 (limit: 76717)
     Memory: 7.7M
        CPU: 134ms
     CGroup: /system.slice/ssh.service
             └─1454 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

déc. 09 18:19:43 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.2.150 port 20022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.1.150 port 10022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 192.168.0.150 port 22.
déc. 09 18:21:39 hell sshd[1489]: Accepted password for satan from 192.168.0.200 port 53816 ssh2
déc. 09 18:21:39 hell sshd[1489]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:23:45 hell sshd[1672]: Accepted password for satan from 192.168.0.200 port 37374 ssh2
déc. 09 18:23:45 hell sshd[1672]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:30:09 hell sshd[3681]: Accepted password for satan from 10.0.4.200 port 53132 ssh2
déc. 09 18:30:09 hell sshd[3681]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)

Thank you!
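
Added example, not part of the original question or answer: a POSIX shell pre-flight check that lists the numeric ListenAddress entries not yet assigned to any interface, which is the condition behind the "Cannot assign requested address" errors at boot. The sample config, the trimmed `ip -o addr show` snapshots and the interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ListenAddress entries the host cannot bind (yet).

# stdin: sshd_config text. stdout: the address of each ListenAddress line.
# Accepts "addr", "addr:port" (IPv4) and "[addr]:port"; skips wildcard binds.
# Hostnames are passed through unresolved.
listen_addrs() {
    awk 'tolower($1) == "listenaddress" && NF >= 2 {
        a = $2
        if (a ~ /^\[/) { sub(/^\[/, "", a); sub(/\].*$/, "", a) }
        else if (a ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", a)
        if (a != "0.0.0.0" && a != "::") print a
    }'
}

# stdin: `ip -o addr show` text. stdout: one assigned address per line.
local_addrs() {
    awk '$3 ~ /^inet6?$/ { sub(/\/.*/, "", $4); print $4 }'
}

# $1 = sshd_config text, $2 = `ip -o addr show` text.
# Prints every configured address that no interface currently holds.
missing_listen_addrs() {
    have=$(printf '%s\n' "$2" | local_addrs)
    printf '%s\n' "$1" | listen_addrs | while read -r a; do
        printf '%s\n' "$have" | grep -qxF -- "$a" || printf '%s\n' "$a"
    done
}

# Constructed sample: two valid entries plus one typo (10.0.2.200).
SAMPLE_CONFIG='#ListenAddress 0.0.0.0
ListenAddress 192.168.0.150:22
ListenAddress 10.0.1.150
listenaddress 10.0.2.200:22'

# Constructed snapshot: sshd started before netplan brought the VLANs up.
IP_EARLY_BOOT='1: lo    inet 127.0.0.1/8 scope host lo'

# Constructed snapshot: network fully configured.
IP_NETWORK_UP='1: lo    inet 127.0.0.1/8 scope host lo
4: bond0.10    inet 192.168.0.150/24 brd 192.168.0.255 scope global bond0.10
5: bond0.11    inet 10.0.1.150/24 brd 10.0.1.255 scope global bond0.11
6: bond0.14    inet 10.0.4.150/24 brd 10.0.4.255 scope global bond0.14'

echo "Unbindable at early boot:"
missing_listen_addrs "$SAMPLE_CONFIG" "$IP_EARLY_BOOT"
echo "Unbindable once the network is up:"
missing_listen_addrs "$SAMPLE_CONFIG" "$IP_NETWORK_UP"
```

On a live host, call `missing_listen_addrs "$(sudo sshd -T)" "$(ip -o addr show)"`; an empty result means every configured address is assigned, and anything still listed after the network is up is a configuration typo rather than a start-order problem.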
