那些遇到过的问题

为什么每次启动后我都缺少 /var/run/sshd ?

Ser*_*ult 19 linux permissions ssh proxmox systemd

我在 Proxmox 5.2-11 下运行 Ubuntu 16.04 容器。应用最新一轮的补丁1 后,我无法在控制台或通过 ssh 登录。

我在虚拟机管理程序上安装了容器根 FS 并添加pts/0/etc/security/access.conf(我们运行pam_access)并允许 root 登录到控制台。我们已经root : lxc/tty0 lxc/tty1 lxc/tty2access.conf,我认为是足够的,为什么我需要pts/0现在是令人费解。

我注意到 ssh 没有运行,所以尝试手动启动它 ( /usr/sbin/sshd -DDD -f /etc/ssh/sshd_config) 并收到此错误:

Missing privilege separation directory: /var/run/sshd
Run Code Online (Sandbox Code Playgroud)

我手动创建了目录,启动ssh并最终能够登录,但是重新启动后,问题仍然存在。未创建目录。只有有用的位journalctl和唯一有趣的部分是关于“不允许操作”但没有更多信息。

我对 16.04 不太熟悉,所以想知道如何找到有关该问题的更多信息。我没有/var/log/syslog/var/log/messages只有kern.log这样的失落。

1

systemd-sysv 229-4ubuntu21.9
libpam-systemd 229-4ubuntu21.9
libsystemd0 229-4ubuntu21.9
systemd 229-4ubuntu21.9
udev 229-4ubuntu21.9
libudev1 229-4ubuntu21.9
iproute2 4.3.0-1ubuntu3.16.04.4
libsasl2-modules-db 2.1.26.dfsg1-14ubuntu0.1
libsasl2-2 2.1.26.dfsg1-14ubuntu0.1
ldap-utils 2.4.42dfsg-2ubuntu3.4
libldap-2.4-2 2.4.42dfsg-2ubuntu3.4
libsasl2-modules 2.1.26.dfsg1-14ubuntu0.1
libgs9-common 9.25dfsg1-0ubuntu0.16.04.3
ghostscript 9.25dfsg1-0ubuntu0.16.04.3
libgs9 9.25dfsg1-0ubuntu0.16.04.3
Run Code Online (Sandbox Code Playgroud)

[2]

Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[474]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 mysqld_safe[495]: Starting mysqld daemon with databases from /var/lib/mysql/mysql
Nov 27 10:13:48 host16 mysqld[500]: 181127 10:13:48 [Note] /usr/sbin/mysqld (mysqld 10.0.36-MariaDB-0ubuntu0.16.04.1) starting as process 499 ...
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[502]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[503]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[504]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:49 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Start request repeated too quickly.
Nov 27 10:13:49 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Failed with result 'start-limit-hit'.
Nov 27 10:13:49 host16 systemd[1]: Started /etc/rc.local Compatibility.
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/plymouth-quit.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Starting Terminate Plymouth Boot Screen...
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/plymouth-quit-wait.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Starting Hold until boot process finishes up...
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/rc-local.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Started Hold until boot process finishes up.
Nov 27 10:13:49 host16 systemd[1]: Started Container Getty on /dev/pts/1.
Nov 27 10:13:49 host16 systemd[1]: Started Container Getty on /dev/pts/0.
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/console-getty.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Started Console Getty.
Nov 27 10:13:49 host16 systemd[1]: Reached target Login Prompts.
Nov 27 10:13:49 host16 systemd[1]: Started Terminate Plymouth Boot Screen.
Nov 27 10:13:52 host16 nslcd[338]: accepting connections
Nov 27 10:13:52 host16 nslcd[275]:    ...done.
Nov 27 10:13:52 host16 systemd[1]: Started LSB: LDAP connection daemon.
Nov 27 10:13:52 host16 systemd[1]: Failed to reset devices.list on /system.slice/cron.service: Operation not permitted
Nov 27 10:13:52 host16 systemd[1]: Started Regular background program processing daemon.
Nov 27 10:13:52 host16 systemd[1]: Failed to reset devices.list on /system.slice/atd.service: Operation not permitted
Run Code Online (Sandbox Code Playgroud)

添加systemd-tmpfiles --create输出

真的很奇怪......我检查过/tmp,这些文件不存在 在此处输入图片说明

kas*_*erd 14

你犯的一个错误是试图sshd用手开始。

如果您改为sshd通过官方开始意味着它应该可以正常工作。该service命令知道在您的发行版上启动服务的正确方法是什么,这应该有效:

service ssh start
Run Code Online (Sandbox Code Playgroud)

对于 sysv init 脚本,这就是您需要做的一切。目录丢失的原因是它/var/run是一个符号链接/run并且/run是一个tmpfs挂载点。这意味着在每次启动时/var/run都会开始为空。当您使用该service命令时,/etc/init.d/ssh脚本将用于启动,sshd但在此之前,/var/run/sshd如果脚本不存在,脚本将创建。

随着systemd工作的事情有点不同。将有一个/usr/lib/tmpfiles.d/sshd.conf包含此内容的文件:

d /var/run/sshd 0755 root root
Run Code Online (Sandbox Code Playgroud)

在引导期间,这应该会导致/var/run/sshd创建目录。您需要验证文件是否存在并具有正确的内容。如果/var/run/sshd目录仍然丢失,您可以验证它是否在您systemd-tmpfiles --create手动运行时被创建。

pep*_*a65 13

所以 /run (和 /var/run 符号链接到它)每次重新启动都会重新创建。除了 systemd-tmpfiles 对包括 (/var)/run/sshd 在内的某些文件没有这样做。

显然,这是由 OpenVZ 内核升级修复的。但是现在要真正修复它,您可以编辑/usr/lib/tmpfiles.d/sshd.conf/var从该行中删除d /var/run/sshd 0755 root root以改为阅读: d /run/sshd 0755 root root

就是这样..!

当 openssh-server 升级时,我们希望他们修复了这个错误(或者它真的是 systemd 或 openvz 中的错误??)——否则你可能会遇到同样的问题。

归档时间:

查看次数:

21845 次

最近记录:

6 年,11 月 前
相关归档
我应该编辑 /etc/crontab 还是以 root 身份运行 crontab -e? 48
我怎么能阻止 ssh 提供错误的密钥? 39
不允许使用 chown 更改目录的组所有者....为什么? 11
Linux 到 Linux,10 TB 传输? 9
iotop 和 iostat 不同意 8
我工作的地方每个人都以 root 身份登录 7
ZFS 无法导入:I/O 错误 7
`ssh -NfR` 等效于 dropbear 6
如何快捷方式而不是键入“python”? 3
在 shell 脚本中使用 sed 替换文件中的 IP 地址 3
难疑归档
Ping 特定端口 769
我可以自动向 known_hosts 添加新主机吗? 298
我应该停止使用 Ifconfig 吗? 185
负载均衡器和反向代理有什么区别? 153
为什么在 Xen 下 TCP accept() 性能这么差? 89
如何从“用户 root 的身份验证失败过多”中恢复 87
当源文件不存在时,如何让“cp”命令不触发错误? 84
如何检查远程 SMTP 服务器的 TLS 证书? 73
如何获取有关 Linux 中 /proc 中显示的打开管道的更多信息? 61
从正在运行的进程中转储 nginx 配置? 59