主页 / server / 问题 / 941855
Accepted
Server Fault
Asked: 2018-11-28 08:45:54 +0800 CST

为什么每次启动后我都缺少 /var/run/sshd ?

  • 772

我在 Proxmox 5.2-11 下运行 Ubuntu 16.04 容器。应用最新一轮补丁1后,我无法在控制台或通过 ssh 登录。

我在管理程序上安装了容器根 FS 并添加pts/0/etc/security/access.conf(我们运行pam_access)并允许根登录到控制台。我们有root : lxc/tty0 lxc/tty1 lxc/tty2access.conf认为足够的东西,所以为什么我pts/0现在需要它是令人费解的。

我注意到 ssh 没有运行,所以尝试手动启动它 ( /usr/sbin/sshd -DDD -f /etc/ssh/sshd_config) 并收到此错误:

Missing privilege separation directory: /var/run/sshd

我手动创建了目录,启动ssh并最终能够登录,但重新启动后,问题仍然存在。未创建目录。只有有用journalctl的部分和唯一有趣的部分是关于“不允许操作”的内容,但没有更多信息。

我对 16.04 不太熟悉,所以想知道如何找到有关该问题的更多信息。我没有/var/log/syslog/var/log/messages只有kern.log这样一种迷失。

1

systemd-sysv 229-4ubuntu21.9
libpam-systemd 229-4ubuntu21.9
libsystemd0 229-4ubuntu21.9
systemd 229-4ubuntu21.9
udev 229-4ubuntu21.9
libudev1 229-4ubuntu21.9
iproute2 4.3.0-1ubuntu3.16.04.4
libsasl2-modules-db 2.1.26.dfsg1-14ubuntu0.1
libsasl2-2 2.1.26.dfsg1-14ubuntu0.1
ldap-utils 2.4.42dfsg-2ubuntu3.4
libldap-2.4-2 2.4.42dfsg-2ubuntu3.4
libsasl2-modules 2.1.26.dfsg1-14ubuntu0.1
libgs9-common 9.25dfsg1-0ubuntu0.16.04.3
ghostscript 9.25dfsg1-0ubuntu0.16.04.3
libgs9 9.25dfsg1-0ubuntu0.16.04.3

[2]

Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[474]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 mysqld_safe[495]: Starting mysqld daemon with databases from /var/lib/mysql/mysql
Nov 27 10:13:48 host16 mysqld[500]: 181127 10:13:48 [Note] /usr/sbin/mysqld (mysqld 10.0.36-MariaDB-0ubuntu0.16.04.1) starting as process 499 ...
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[502]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[503]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:48 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: Failed to reset devices.list on /system.slice/ssh.service: Operation not permitted
Nov 27 10:13:48 host16 systemd[1]: Starting OpenBSD Secure Shell server...
Nov 27 10:13:48 host16 sshd[504]: Missing privilege separation directory: /var/run/sshd
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Control process exited, code=exited status=255
Nov 27 10:13:48 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:48 host16 systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 27 10:13:49 host16 systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Start request repeated too quickly.
Nov 27 10:13:49 host16 systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Unit entered failed state.
Nov 27 10:13:49 host16 systemd[1]: ssh.service: Failed with result 'start-limit-hit'.
Nov 27 10:13:49 host16 systemd[1]: Started /etc/rc.local Compatibility.
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/plymouth-quit.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Starting Terminate Plymouth Boot Screen...
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/plymouth-quit-wait.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Starting Hold until boot process finishes up...
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/rc-local.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Started Hold until boot process finishes up.
Nov 27 10:13:49 host16 systemd[1]: Started Container Getty on /dev/pts/1.
Nov 27 10:13:49 host16 systemd[1]: Started Container Getty on /dev/pts/0.
Nov 27 10:13:49 host16 systemd[1]: Failed to reset devices.list on /system.slice/console-getty.service: Operation not permitted
Nov 27 10:13:49 host16 systemd[1]: Started Console Getty.
Nov 27 10:13:49 host16 systemd[1]: Reached target Login Prompts.
Nov 27 10:13:49 host16 systemd[1]: Started Terminate Plymouth Boot Screen.
Nov 27 10:13:52 host16 nslcd[338]: accepting connections
Nov 27 10:13:52 host16 nslcd[275]:    ...done.
Nov 27 10:13:52 host16 systemd[1]: Started LSB: LDAP connection daemon.
Nov 27 10:13:52 host16 systemd[1]: Failed to reset devices.list on /system.slice/cron.service: Operation not permitted
Nov 27 10:13:52 host16 systemd[1]: Started Regular background program processing daemon.
Nov 27 10:13:52 host16 systemd[1]: Failed to reset devices.list on /system.slice/atd.service: Operation not permitted

添加的systemd-tmpfiles --create输出

真的很奇怪......我检查了/tmp这些文件不存在 在此处输入图像描述

linux

6 个回答

  1. 您犯的一个错误是尝试sshd手动开始。

    如果您改为sshd通过官方方式开始,它应该可以正常工作。该service命令知道在您的发行版上启动服务的正确方法是什么,这应该有效:

    service ssh start

    对于 sysv init 脚本,这就是您需要做的一切。目录丢失的原因是它/var/run是一个符号链接/run并且/run是一个tmpfs挂载点。这意味着在每次启动/var/run时都会开始为空。当您使用该service命令时,/etc/init.d/ssh脚本将用于启动,但在此之前,如果脚本不存在,sshd则会创建该脚本。/var/run/sshd

    随着systemd事情的发展有点不同。将/usr/lib/tmpfiles.d/sshd.conf使用此内容调用一个文件:

    d /var/run/sshd 0755 root root

    在引导期间,这应该会导致/var/run/sshd创建目录。您需要验证文件是否存在并具有正确的内容。如果该/var/run/sshd目录仍然丢失,您可以验证它是否在您systemd-tmpfiles --create手动运行时创建。

    • 17
  2. Best Answer

    所以 /run (和 /var/run 符号链接到它)每次重新启动都会重新创建。除了 systemd-tmpfiles 对包括 (/var)/run/sshd 在内的某些文件没有这样做。

    显然,这是通过 OpenVZ 内核升级修复的。但是现在要实际修复它,您需要编辑/usr/lib/tmpfiles.d/sshd.conf/var从行中删除d /var/run/sshd 0755 root root以改为阅读: d /run/sshd 0755 root root

    就是这样..!

    当 openssh-server 升级时,我们希望他们能修复这个 bug(或者它真的是 systemd 中的一个 bug?还是 openvz ??)——否则你可能会遇到同样的问题。

    • 13

  3. 显然,当运行 OpenVZ 内核 2.6.32-042stab134.7 或更新版本时,这会得到解决。我觉得奇怪的是在 systemd 启动脚本中无法以某种方式修复。可能像在启动后自动创建 /run/sshd/ 然后启动 sshd 这样的丑陋黑客会起作用。

    我的输出systemd-tmpfiles --create

    [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
fchownat() of /run/named failed: Invalid argument
Failed to openat(/dev/simfs): Operation not permitted
Failed to validate path /var/run/screen: Too many levels of symbolic links
Failed to validate path /var/run/sshd: Too many levels of symbolic links
Failed to validate path /var/run/sudo: Too many levels of symbolic links
Failed to validate path /var/run/sudo/ts: Too many levels of symbolic links
fchownat() of /run/systemd/netif failed: Invalid argument
fchownat() of /run/systemd/netif/links failed: Invalid argument
fchownat() of /run/systemd/netif/leases failed: Invalid argument
fchownat() of /run/log/journal failed: Invalid argument
fchownat() of /run/log/journal/e9e1d08bc42c48999865b96c250f40cc failed: Invalid argument
fchownat() of /run/log/journal/e9e1d08bc42c48999865b96c250f40cc/system.journal failed: Invalid argument

    OpenVZ 2.6.32-042stab134.7 的更新日志这样说:

    使用 systemd 229-4ubuntu21.9 运行 Ubuntu 容器可能会导致服务无法启动,因为 systemd-tmpfiles 由于符号链接问题而无法验证路径。(PSBM-90038)

    • 4

  4. 尽管多年来我在 systemd 上遇到的麻烦一样多,但我必须承认这个问题源于 Ansible同步指令。

    出于某种原因,在使用我们的 ansbile 脚本配置此主机后,它离开了 / 目录(以及 /etc、/opt 和其他)由管理员用户拥有,而不是 root。运行chown纠正后,/var/run/sshd现在再次在启动时创建。

    我真的很感谢所有的输入,但这里没有错误,至少在将不适当的所有权应用于根目录导致未定义的系统行为的意义上。

    • 2

  5. 我也有这种行为。我的问题是 ssh.socket 以某种方式启用。禁用 ssh.socket 时,ssh.service 确实会在启动时正常启动。

    • 0

  6. 我看到的一种方法是在您的 Dockerfile 中简单地创建该目录。

    FROM debian:buster
MAINTAINER Adam Z Winter

# Steps done in one RUN layer:
# - Install packages
RUN apt-get update && \
    apt-get -y install openssh-server && \
    mkdir -p /var/run/sshd

COPY files/entrypoint /

EXPOSE 22

ENTRYPOINT ["/entrypoint"]
    • 0

相关问题