Debian 10(buster)でsshdに問題があります。リモートからアクセスしようとすると接続が自動的に拒否され、ssh.serviceを再起動しようとすると、タイムアウトエラーが表示されるまでプロセスはブロックされたままになります。
sudo /etc/init.d/ssh restart
Restarting ssh (via systemctl): ssh.serviceJob for ssh.service failed because a timeout was exceeded.
See "systemctl status ssh.service" and "journalctl -xe" for details.
failed!
リモートでログインする必要がある唯一の方法は、再インストールすることですopenssh-server(何..?はい)
ssh.service単位は次のとおりです(デフォルト)
[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target
Alias=sshd.service
/etc/ssh/sshd_configまた、これは:
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 22
AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
#Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ここで何が起こっているのでしょうか?
アップデート#1:
これがjournalctl -xe出力です
Feb 14 08:23:04 arm systemd[1]: systemd-fsckd.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit systemd-fsckd.service has successfully entered the 'dead' state.
Feb 14 08:23:05 arm systemd[1]: apt-daily-upgrade.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit apt-daily-upgrade.service has successfully entered the 'dead' state.
Feb 14 08:23:05 arm systemd[1]: Started Daily apt upgrade and clean activities.
-- Subject: A start job for unit apt-daily-upgrade.service has finished successf
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit apt-daily-upgrade.service has finished successfully.
--
-- The job identifier is 247.
Feb 14 08:23:46 arm sudo[3263]: pam_unix(sudo:auth): authentication failure; log
Feb 14 08:23:50 arm sudo[3263]: szx : TTY=ttyPS0 ; PWD=/home/szx ; USER=roo
Feb 14 08:23:50 arm sudo[3263]: pam_unix(sudo:session): session opened for user
lines 1141-1163/1163 (END)
出力は次のとおりですsystemctl status ssh。
* ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: activating (start-pre) since Fri 2020-02-14 08:25:35 UTC; 27s ago
Docs: man:sshd(8)
man:sshd_config(5)
Cntrl PID: 3268 (sshd)
CGroup: /system.slice/ssh.service
`-3268 /usr/sbin/sshd -t
Feb 14 08:25:35 arm systemd[1]: Starting OpenBSD Secure Shell server...
lines 1-10/10 (END)
アップデート#2:
-tまた、sshdがまだ次のオプションで実行されていることを確認しました。
ps aux | grep sshd
root 3126 0.0 0.2 11828 4936 ? Ss 08:39 0:00 /usr/sbin/sshd -t
szx 3156 0.0 0.0 3472 1732 ttyPS0 S+ 08:39 0:00 grep sshd
ExecStart私はこれがorPreExecReloadコマンドの連続性だと思います。ssh.service
アップデート#3:
実行するとdpkg-reconfigure openssh-serverリモートでログインできますが、サーバーセッションが終了するまでのみ可能です。だからdpkg-reconfigure起動するたびに実行する必要があります...