An SSH problem on Fedora 22

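There have been a lot of security issues lately, and Fedora 22's default settings have become much stricter, so the tinkering continues!

The problem this time: when logging in to the ssh service on Fedora 22 from another machine, the client shows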

packet_write_wait: Connection to 192.168.1.23: Broken pipe

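At first I thought it was caused by SELinux policy, and then I thought it was an OpenSSH bug, but after updating to a newer version I still could not log in, not even from the local machine. I ran the sshd service in debug mode: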

sudo /usr/sbin/sshd -Dddd

Then, when connecting with the ssh command from a client, the server printed:

debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
privsep_preauth: preauth child terminated by signal 31
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering

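It is not a private key permission problem; it is a problem with authentication in the privsep module. I then found this in the sshd configuration file (/etc/ssh/sshd_config):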

UsePrivilegeSeparation sandbox # Default for new installations.

It turns out that a fresh OpenSSH installation defaults to sandbox mode, so the fix is simply to comment out this configuration line.
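A triage helper for the symptom above, as an added example that is not part of the original post: it reads sshd debug output for the signal that ended the preauth child and reads the UsePrivilegeSeparation value from the text of a config file. The function names, the signal table (Linux x86/ARM numbering, where 31 is SIGSYS) and the sample strings are assumptions constructed here.

```python
import re

# Constructed sample: server-side debug lines like those quoted in the post.
SAMPLE_LOG = """\
debug3: mm_share_sync: Share sync end
privsep_preauth: preauth child terminated by signal 31
debug1: do_cleanup
"""
# Constructed sample: the sshd_config line quoted in the post.
SAMPLE_CONFIG = "UsePrivilegeSeparation sandbox # Default for new installations.\n"

# Assumption: Linux signal numbering as used on x86 and ARM.
LINUX_SIGNALS = {6: "SIGABRT", 9: "SIGKILL", 11: "SIGSEGV", 15: "SIGTERM", 31: "SIGSYS"}
PREAUTH_RE = re.compile(r"preauth child terminated by signal (\d+)")


def diagnose_preauth(log_text):
    """Return (signo, name, cause) for the first preauth child death, or None."""
    match = PREAUTH_RE.search(log_text)
    if match is None:
        return None
    signo = int(match.group(1))
    name = LINUX_SIGNALS.get(signo, "unknown")
    if name == "SIGSYS":
        # SIGSYS is what a seccomp filter delivers for a syscall it does not allow,
        # so this most likely means the sandbox killed the child.
        cause = "sandbox-kill"
    elif name in ("SIGSEGV", "SIGABRT"):
        cause = "crash"
    else:
        cause = "other"
    return signo, name, cause


def privsep_setting(config_text):
    """Return the UsePrivilegeSeparation value set in config_text, or None if unset.

    sshd_config keywords are case-insensitive and the first value found wins.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including trailing ones
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "useprivilegeseparation":
            return parts[1].strip().lower()
    return None


if __name__ == "__main__":
    print(diagnose_preauth(SAMPLE_LOG))
    print(privsep_setting(SAMPLE_CONFIG))
```

When the cause is a sandbox kill and auditd is running, the kernel's SECCOMP audit record for sshd names the blocked syscall, which shows what the sandbox policy is rejecting.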

This blog is licensed under a Creative Commons License.

About this Entry

This page contains a single entry by Cnangel published on June 11, 2015 9:32 AM.
