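Mysteriously, I could not log in through sshd again. I assumed it was a Fedora 27 bug, but the official bug tracker had no report like it. The ssh login behaved as follows: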
[cnangel@localhost ~]$ssh 127.0.0.1
cnangel@127.0.0.1's password:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
Server-side sshd log:
[cnangel@localhost ~]$systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-01-26 10:20:36 CST; 1min 14s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 6126 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/sshd.service
└─6126 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc -oMACs=umac-128-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@o
1月 26 10:20:36 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
1月 26 10:20:36 localhost.localdomain sshd[6126]: Server listening on 0.0.0.0 port 22.
1月 26 10:20:36 localhost.localdomain sshd[6126]: Server listening on :: port 22.
1月 26 10:20:36 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
1月 26 10:20:40 localhost.localdomain sshd[6134]: Accepted password for cnangel from 127.0.0.1 port 48874 ssh2
1月 26 10:20:40 localhost.localdomain sshd[6134]: fatal: privsep_preauth: preauth child terminated by signal 31
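At first I thought that, as in earlier Fedora releases, the cause lay in the sandbox mechanism, but I found that Fedora 27 had long since dropped that mechanism. I then suspected the openssl version, some hidden bug, but after reading the recent openssl issue reports I saw that nobody else had hit a similar problem. Was this my "lucky day"?
By comparing a freshly installed Fedora 27 with the Fedora 27 that had the problem, I ruled out differences in library versions; the only difference was additional packages. Among those, the only network-related one was astrill, yes, that firewall-circumvention software. After uninstalling it, ssh worked normally again. To analyze the cause, I ran: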
rpm -q --scripts astrill
which shows:
preinstall scriptlet (using /bin/sh):
# Disable SELinux - LSP crashes with SELinux enabled which breaks booting and crashes various apps
if which setenforce >/dev/null 2>&1 ; then
setenforce 0 2>/dev/null >/dev/null
fi
if [ -f /etc/selinux/config ]; then
[ ! -L /etc/sysconfig/selinux ] && ln -sf ../selinux/config /etc/sysconfig/selinux
sed -i "s/^SELINUX=.*\$/SELINUX=disabled/" /etc/selinux/config
fi
# Uninstall old version from home folder
# We need to guess $HOME folder as Ubuntu Software Center doesn't set this variable!
for user in /home/* "$HOME"
do
if [ -e "$user/Astrill/uninstall" ]; then
export HOME="$user"
"$user/Astrill/uninstall" || exit 1
exit 0
fi
done
exit 0
postinstall scriptlet (using /bin/sh):
if which wmctrl >/dev/null 2>&1 ; then
wmctrl -c "Mozilla Firefox"
else
killall -q firefox firefox-bin
fi
/usr/local/Astrill/asproxy --init
# This is not working as $HOME is not set in Ubuntu Software Center
# xdg-desktop-icon install --novendor /usr/local/Astrill/Astrill.desktop
# Create desktop icon for all users
for user in /home/* "$HOME"
do
if [ -d "$user/Desktop" ]; then
echo y | cp -f /usr/local/Astrill/Astrill.desktop "$user/Desktop/"
chmod 755 "$user/Desktop/Astrill.desktop"
chown $(stat -c '%u:%g' "$user/Desktop") "$user/Desktop/Astrill.desktop"
fi
done
# Pin Astrill icon in Unity launchbar
# This doesn't work
#if [ "$XDG_CURRENT_DESKTOP" = "Unity" ]; then
# if ! gsettings get com.canonical.Unity.Launcher favorites|grep -i Astrill >/dev/null; then
# gsettings set com.canonical.Unity.Launcher favorites "`echo [$(gsettings get com.canonical.Unity.Launcher favorites|grep -Eo "'.*'"), "'Astrill.desktop'"]`"
# fi
#fi
# Reload menus
if [ -x "`which update-menus 2>/dev/null`" ]; then
update-menus
fi
# Reload icon cache
if which update-icon-caches >/dev/null 2>&1 ; then
update-icon-caches /usr/share/icons/hicolor
fi
exit 0
preuninstall scriptlet (using /bin/sh):
if which wmctrl >/dev/null 2>&1 ; then
wmctrl -c "Mozilla Firefox"
else
killall -q firefox firefox-bin
fi
/usr/local/Astrill/asproxy --uninit
/usr/local/Astrill/astrill /uninstall
exit 0
postuninstall scriptlet (using /bin/sh):
if [ "$1" != "upgrade" ]; then
# Remove Desktop icon and Astrill config files for each user
#xdg-desktop-icon uninstall --novendor Astrill.desktop
for user in /home/* "$HOME"
do
rm -f "$user/Desktop/Astrill.desktop"
if [ -d "$user/.config/astrill" ]; then
rm -rf "$user/.config/astrill"
fi
done
# Remove Astrill menu icon
rm -f /usr/share/applications/Astrill.desktop
if [ -x "`which update-menus 2>/dev/null`" ]; then
update-menus
fi
if which update-icon-caches >/dev/null 2>&1 ; then
update-icon-caches /usr/share/icons/hicolor
fi
fi
exit 0
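The scriptlets call a program, /usr/local/Astrill/asproxy. When it runs with --init it blocks certain things, which causes the ssh problem. Having found the cause, if you need ssh to work, run: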
/usr/local/Astrill/asproxy --uninit
That is all it takes.
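The preinstall scriptlet listed above also switches SELinux off, both at runtime (setenforce 0) and persistently (SELINUX=disabled). As an added example, not part of the original post or of the astrill package, this shell function scans `rpm -q --scripts` output for such lines; the function names and the embedded sample (a subset of the lines quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag RPM scriptlet lines that
# weaken SELinux. Input is `rpm -q --scripts <pkg>` text on stdin.
# Prints "<scriptlet>: <line>" per finding; returns 1 if anything was found.
audit_scriptlets() {
    awk '
        function hit() {
            sub(/^[ \t]+/, "")            # drop indentation for the report
            printf "%s: %s\n", section, $0
            found = 1
        }
        # Section header, e.g. "preinstall scriptlet (using /bin/sh):"
        /^[a-z]+ scriptlet [(]using / { section = $1; next }
        # Skip comment lines so explanatory text is not reported
        /^[ \t]*#/ { next }
        # Runtime switch to permissive mode
        /setenforce[ \t]+(0|[Pp]ermissive)/ { hit(); next }
        # Persistent mode change written to the SELinux config
        /SELINUX=(disabled|permissive)/ { hit(); next }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a subset of the scriptlet lines quoted in this post.
sample_scriptlets() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
# Disable SELinux - LSP crashes with SELinux enabled which breaks booting and crashes various apps
if which setenforce >/dev/null 2>&1 ; then
setenforce 0 2>/dev/null >/dev/null
fi
if [ -f /etc/selinux/config ]; then
sed -i "s/^SELINUX=.*\$/SELINUX=disabled/" /etc/selinux/config
fi
postinstall scriptlet (using /bin/sh):
/usr/local/Astrill/asproxy --init
exit 0
EOF
}

# Demo run; on a real system: rpm -q --scripts <package> | audit_scriptlets
sample_scriptlets | audit_scriptlets || echo "review before installing"
```

For a package file that is not installed yet, `rpm -qp --scripts <file.rpm>` produces the same kind of output and can be piped into the function before installation.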
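In addition, the latest Linux version of astrill is astrill-3.2.0-2068, which does not yet support openssl-devel-1.1.0, because astrill uses the compat-openssl10 library. At startup it looks for libssl.so first; if openssl-devel 1.1.0 or later is installed, the two are incompatible, astrill's SSL connection fails, and it cannot start normally.
The astrill website discriminates somewhat against Fedora users; if you have something better, I suggest using that instead :)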