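I'm on Fedora 40 Workstation. I noticed dnf complaining about a corrupted SQLite database, and I tried to fix it by following an online tutorial. I thought I had copied the rpmdb files, but I was wrong [^1].
Now the system doesn't know about any installed RPMs. Is there a way to fix this without reinstalling?
[^1] I thought I had copied the directory /var/lib/rpm. I didn't realize it is now a symlink, so I copied that instead. The moral of the story: you must have coffee before attempting system-breaking changes!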
I need to make ip-tables persistent on my machine. I was able to do this on Debian-based systems by creating the following file, which runs when my network comes up:
/etc/network/if-up.d/run-iptables
#!/bin/sh
iptables-restore /etc/iptables/rules.v4
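I tried to do the same on Fedora-based systems (CentOS, RHEL, Fedora ...) using the following file: /etc/sysconfig/network-scripts/ifup but unfortunately it doesn't work.
Any ideas on how to do this without using any additional services?
Thanks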
The command I use looks like this:
ssh -o ProxyCommand='ncat --proxy-type socks5 --proxy 127.0.0.1:3744 %h %p' [email protected]
Since updating to Fedora 35, the connection fails with the error message
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
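I confirmed the proxy is still usable through a web browser. Connecting to the server from another computer, or from Fedora 34 in a container, still works. It fails when using Fedora 35 in a container. I can also reproduce the result with a different server.
The verbose output doesn't seem to help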
OpenSSH_8.7p1, OpenSSL 1.1.1l FIPS 24 Aug 2021
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Executing proxy command: exec ncat -v --proxy-type socks5 --proxy 127.0.0.1:3744 example.com 22
debug1: identity file /home/me/.ssh/id_rsa type 0
debug1: identity file /home/me/.ssh/id_rsa-cert type -1
debug1: identity file /home/me/.ssh/id_dsa type -1
debug1: identity file /home/me/.ssh/id_dsa-cert type -1
debug1: identity file /home/me/.ssh/id_ecdsa type -1
debug1: identity file /home/me/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/me/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/me/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/me/.ssh/id_ed25519 type -1
debug1: identity file /home/me/.ssh/id_ed25519-cert type -1
debug1: identity file /home/me/.ssh/id_ed25519_sk type -1
debug1: identity file /home/me/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/me/.ssh/id_xmss type -1
debug1: identity file /home/me/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Connected to proxy 127.0.0.1:3744
Ncat: No authentication needed.
Ncat: Host example.com will be resolved by the proxy.
Ncat: connection succeeded.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
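I have a few things I'd like to be able to stand up as servers on Fedora. I know I could run at least some of them in podman or docker, but I already know how to do that. I also already know how to do this for an existing service such as ssh, where I just want to use a custom port, via: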
sudo semanage port -a -t ssh_port_t -p tcp 2222
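But my problem is that SELinux already defines the ssh_port_t type. What if I have some custom application that for some reason I can't or don't want to run in a container? How would I allow a port for something that has no predefined type in semanage port --list?
For this example, let's say I'm trying to run /path/myNiftyGameServer and want to allow it to connect to UDP port 12345 (currently unused on my system). How can I do that?
As for background, I don't claim to be a guru, but I feel relatively proficient with bash and Linux in general; when it comes to SELinux, though, I'm still a novice (I know about labels, restorecon, and some basic semanage commands, but I'm still learning).
Please assume I'm unwilling to simply disable SELinux (because I am). If this question seems impractical, feel free to suggest alternatives, but I'm asking mainly because I'm curious how this would be solved in SELinux, and I haven't been able to find a solution on my own beyond existing types like my ssh example above. Feel free to recommend other relevant reading topics for an SELinux novice.
Edit: Based on additional searching that turned up a Starbound server on CentOS and a Soldat Dedicated server policy, I'm guessing I may need to learn how to write SELinux policy? It's crazy that I'd need this much when a service simply doesn't have a name, but I'd still like to learn how to do it.
Edit 2: After spending some time reading them, the Starbound link doesn't seem to be what I'm after; the only SELinux policy writing there is for a separate Apache server (Apache is already defined), not for the game server. Soldat seems very close to what I'm after, but I think I need a primer on policy writing to get there. In particular, I'm really only interested in how to open a port for a custom server/web service. Setting file path access sounds nice too, but I can manage that with user accounts, whereas even if I open a network port in firewall-cmd (firewalld), it will still be blocked by SELinux if I remember correctly (I know I've had this problem in the past, but I suppose I could retest to be sure).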
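I'm on Fedora 34 (= host system), and I have a problem inside my docker containers: no domain can be resolved. Resolution on the host works without problems.
Here is what I tried:
However, I can't resolve names in any container: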
~ docker run busybox nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.174
*** Can't find google.com: No answer
As mentioned above, it works on the host:
~ nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.206
Name: google.com
Address: 2a00:1450:4016:809::200e
Strangely, even running with the host network or explicitly setting the DNS doesn't help:
Tried setting it to the host DNS (here it even reports a timeout...)
~ docker run --dns 127.0.0.53 busybox nslookup google.com
;; connection timed out; no servers could be reached
Tried with Google DNS:
~ docker run --dns 8.8.8.8 busybox nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.238
*** Can't find google.com: No answer
Tried with the host network:
~ docker run --network="host" busybox nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.238
*** Can't find google.com: No answer
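I'm out of ideas. Does anyone have a hint as to what's going on here?
Additional info: it used to work, and as far as I know I haven't changed anything on the system that could affect this.
I'm trying to block some hosts on my network from reaching out/phoning home.
So I have 2 zones.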
[root@eagle ~]# firewall-cmd --get-active-zones
external
interfaces: enp2s0
internal
interfaces: eno1
Masquerading is on external
[root@eagle ~]# firewall-cmd --zone=internal --query-masquerade
no
[root@eagle ~]# firewall-cmd --zone=external --query-masquerade
yes
And I have a rich rule to drop data from the MAC address I want
[root@eagle ~]# firewall-cmd --zone=external --list-rich-rules
rule source mac="40:16:3B:63:72:E0" drop
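But this doesn't seem to work. The obvious things I checked were adding them as permanent and making sure I reloaded the rules.
Any help is appreciated
Unfortunately, my HP ProLiant DL380e G8 server running Fedora Server 34 is having problems. I suspect these are memory errors or a DIMM that is bad or going bad, but I'm not sure.
Feedback is very welcome!
I have run journalctl -r, which returned the following output in the PasteBin link (a snippet that looked out of the ordinary): https://pastebin.com/KPUZHceD
Thanks for all help and ideas!
Kind regards
Edit: In response to @Michael Hampton's comment, the output is posted here: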
<27>Sep 7 17:03:51 mcelog: Location: SOCKET:0 CHANNEL:3 DIMM:1 []
Sep 07 17:03:51 turbo mcelog[1304]: Location: SOCKET:0 CHANNEL:3 DIMM:1 []
Sep 07 17:03:51 turbo mcelog[1303]: <27>Sep 7 17:03:51 mcelog: corrected DIMM memory error count exceeded threshold: 10 in 24h
Sep 07 17:03:51 turbo mcelog[1303]: corrected DIMM memory error count exceeded threshold: 10 in 24h
Sep 07 17:03:51 turbo mcelog[1304]: <27>Sep 7 17:03:51 mcelog: Location: SOCKET:0 CHANNEL:3 DIMM:1 []
Sep 07 17:03:51 turbo mcelog[1304]: Location: SOCKET:0 CHANNEL:3 DIMM:1 []
Sep 07 17:03:51 turbo mcelog[1303]: <27>Sep 7 17:03:51 mcelog: corrected DIMM memory error count exceeded threshold: 10 in 24h
Sep 07 17:03:51 turbo mcelog[1303]: corrected DIMM memory error count exceeded threshold: 10 in 24h
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 2 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c80000c400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d22131295c834800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 1 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 7
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 3 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c80000c400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d22131295c834800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 13 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 6
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 0 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c80000c400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d22131295c834800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 0 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 5
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: Running trigger `dimm-error-trigger' (reporter: memdb)
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 6 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c80000c400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d22131295c834800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 3 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 4
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID a SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c801c00400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d2213fa689118800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 5 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 3
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 5 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c801bd8400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d2213f0649118800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 14 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 2
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 1 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c801bec400800093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: MemCtrl:
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: MCi_MISC register valid
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: MISC d221196e09118800
Sep 07 17:03:51 turbo mcelog[1067]: CPU 12 BANK 11
Sep 07 17:03:51 turbo mcelog[1067]: MCE 1
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: CPUID Vendor Intel Family 6 Model 45 Step 7
Sep 07 17:03:51 turbo mcelog[1067]: MICROCODE 71a
Sep 07 17:03:51 turbo mcelog[1067]: MCGCAP 1000812 APICID 0 SOCKETID 0
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c0107b4000010093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: STATUS c0107b4000010093 MCGSTATUS 0
Sep 07 17:03:51 turbo mcelog[1067]: Transaction: Memory read error
Sep 07 17:03:51 turbo mcelog[1067]: MCA: MEMORY CONTROLLER RD_CHANNEL3_ERR
Sep 07 17:03:51 turbo mcelog[1067]: Corrected error
Sep 07 17:03:51 turbo mcelog[1067]: Error overflow
Sep 07 17:03:51 turbo mcelog[1067]: MCi status:
Sep 07 17:03:51 turbo mcelog[1067]: MCG status:
Sep 07 17:03:51 turbo mcelog[1067]: TIME 1631027031 Tue Sep 7 17:03:51 2021
Sep 07 17:03:51 turbo mcelog[1067]: CPU 0 BANK 5
Sep 07 17:03:51 turbo mcelog[1067]: MCE 0
Sep 07 17:03:51 turbo mcelog[1067]: Hardware event. This is not a software error.
Sep 07 17:03:51 turbo mcelog[1067]: mcelog: mcelog read: Input/output error
Sep 07 17:03:51 turbo kernel: ERST: [Firmware Warn]: Firmware does not respond in time.
Sep 07 17:03:51 turbo kernel: mce: [Hardware Error]: Machine check events logged
Sep 07 17:03:51 turbo kernel: mce: [Hardware Error]: Machine check events logged
Sep 07 17:03:51 turbo kernel: mce_notify_irq: 6 callbacks suppressed
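I have a Dell PowerEdge R720 that has only one place on the back to plug in a network cable. But it has 5 possible network interfaces:
But they are all DOWN when I run ip link show
I tried adding a file for each interface in /etc/sysconfig/network-scripts/, trying both manually set IPs and DHCP, but nothing seems to work.
I ran systemctl restart NetworkManager when making the changes and saw this in the log:
eno1 state change: unmanaged -> unavailable reason sys-iface-state: external
I know the plugged-in network cable works; I tried it on another computer. Any ideas what to try next? How do I figure out which interface, eno1, eno2, eno3, eno4 or enp0s26u1u2u4u4, is the right one?
Here's another SSH question. It worked before updating to Fedora 33, but now it doesn't, which leads me to believe it's a client-side problem. Does anyone see something in the logs that might give a clue? Unfortunately I'm just a hobbyist, not an expert.
ssh -vvv log: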
ssh testuser@testserver -vvv
OpenSSH_8.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host testserver originally testserver
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host testserver originally testserver
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/test/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/test/.ssh/known_hosts2'
debug2: resolving "testserver" port 22
debug2: ssh_connect_direct
debug1: Connecting to testserver [111.111.111.111] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa type -1
debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519 type -1
debug1: identity file /home/test/.ssh/id_ed25519-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/test/.ssh/id_xmss type -1
debug1: identity file /home/test/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u8
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u8 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to testserver:22 as 'testuser'
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from testserver
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: [email protected] need=32 dh_need=32
debug1: kex: [email protected] need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:IM4bKknzoKNTV6xGlCYGhs0e0VwhgOhDIdQO7AmJeQQ
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from testserver
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 111.111.111.111
debug1: Host 'testserver' is known and matches the ECDSA host key.
debug1: Found key in /home/test/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: testuser@testserver RSA SHA256:WWWWWWWWWWWWWWWWW agent
debug1: Will attempt key: /home/test/.ssh/id_rsa
debug1: Will attempt key: /home/test/.ssh/id_dsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/test/.ssh/id_ed25519
debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/test/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: testuser@testserver RSA SHA256:WWWWWWWWWWWWWWWWW agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/test/.ssh/id_rsa
debug3: no such identity: /home/test/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_dsa
debug3: no such identity: /home/test/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ecdsa
debug3: no such identity: /home/test/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk
debug3: no such identity: /home/test/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ed25519
debug3: no such identity: /home/test/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ed25519_sk
debug3: no such identity: /home/test/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_xmss
debug3: no such identity: /home/test/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
testuser@testserver: Permission denied (publickey).
Pretty much the only server log entry that hints at anything:
testserver sshd[1111]: Connection closed by ip [preauth]
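It's an old Debian machine, if that gives any clue.
I'm running Fedora 33 on a host set up as a router (i5 CPU, 8 GB RAM, SSD and hard disk); it has 5 NICs. I've managed to get dual internet gateways and dual LANs working fairly well using nftables.
One gateway is DSL with pppoe, the other is a cable modem. Both can connect and can see the internet. Both LANs can see the internet and provide services the internet can see. IOW, NAT and forwarding work well.
The problem is: I don't know how to set up the routing table. The issue is that whichever gateway has the lowest metric works with NAT and forwarding to its LAN, but that shuts off NAT and forwarding to the other gateway and LAN. From the LAN machines' point of view, I only have one gateway working at a time.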
root@gata[~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 67.193.x.x 0.0.0.0 UG 100 0 0 coglink
0.0.0.0 206.248.x.x 0.0.0.0 UG 104 0 0 ppp0
10.0.0.0 0.0.0.0 255.0.0.0 U 103 0 0 tekgw
67.193.56.0 0.0.0.0 255.255.248.0 U 100 0 0 coglink
192.168.1.0 0.0.0.0 255.255.255.0 U 102 0 0 coggw
206.248.155.132 0.0.0.0 255.255.255.255 UH 105 0 0 ppp0
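I understand that routes can be set up so that machines on 10.0.0.0 always use ppp0 and machines on 192.168.1.0 always use coglink, but web searches on how to do this have been fruitless. The same goes for the internet-facing interfaces. If someone could point me to a clear, relevant tutorial on IP routing with multiple interfaces, I'd appreciate it.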