tizo

Asked: 2022-03-18 09:27:23 +0800 CST

导出的 glusterfs 的 NFSv4 权限问题

0

我有内核 NFS 服务器的情况。我有两个具有完全相同 ACL 的导出，对 [email protected] 组具有完全权限。一个是 /exports/directo_informatica/，它是带有 XFS 的 LV 的挂载点，另一个是 /exports/gv0_inf/，它是 glusterfs 的挂载点。当使用 NFS 远程挂载并使用组 [email protected] 的用户访问它时，第一个导出工作正常。第二个没有：它可以正确安装，但是当尝试使用同一用户访问它时，它会给出“权限被拒绝”。

如果我使用之前测试的同一用户直接访问 NFS 服务器 (ssh)，我可以毫无问题地访问 /exports/ 中的两个目录。更多详情如下：

操作系统：Rocky Linux 8.5 版（Green Obsidian）

导出目录的 fstab：

/dev/mapper/vg_kvm_sistema-lv_directo_informatica /exports/directo_informatica xfs defaults 0 0
glustersrv02.xx.xx.xx:/gv0_inf /exports/gv0_inf/ glusterfs defaults,acl 0 0

挂载导出的目录：

/dev/mapper/vg_kvm_sistema-lv_directo_informatica on /exports/directo_informatica type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota)
glustersrv02.xx.xx.xx:/gv0_inf on /exports/gv0_inf type fuse.glusterfs (rw,relatime,user_id=0,group_id=0,allow_other,max_read=131072)

导出文件：

/exports          *(sec=krb5p,secure,rw,sync,no_wdelay,no_subtree_check,root_squash,fsid=0)
/exports/directo_informatica  *(sec=krb5p,secure,rw,sync,no_wdelay,no_subtree_check,root_squash,mountpoint)
/exports/gv0_inf  *(sec=krb5p,secure,rw,sync,no_wdelay,no_subtree_check,root_squash,mountpoint,fsid=2)

导出的目录 ACL：

# getfacl /exports/directo_informatica/
getfacl: Removing leading '/' from absolute path names
# file: exports/directo_informatica/
# owner: root
# group: root
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:[email protected]:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:root:r-x
default:group:[email protected]:rwx
default:mask::rwx
default:other::---

# getfacl /exports/gv0_inf/
getfacl: Removing leading '/' from absolute path names
# file: exports/gv0_inf/
# owner: root
# group: root
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:[email protected]:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:root:r-x
default:group:[email protected]:rwx
default:mask::rwx
default:other::---

远程安装的目录：

gluster02.adtest.xx.xx.xx:/directo_informatica on /prueba2 type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5p,clientaddr=10.2.100.8,local_lock=none,addr=10.2.100.8)
gluster02.adtest.xx.xx.xx:/gv0_inf on /prueba type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5p,clientaddr=10.2.100.8,local_lock=none,addr=10.2.100.8)

远程 NFSv4 ACL：

$ nfs4_getfacl /prueba2
# file: /prueba2
A::OWNER@:rwaDxtTcCy
A::[email protected]:rwaDxtcy
A::GROUP@:rxtcy
A:g:[email protected]:rxtcy
A:g:[email protected]@idmpru.xx.xx.xx:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:[email protected]:rwaDxtcy
A:fdi:GROUP@:rxtcy
A:fdig:[email protected]:rxtcy
A:fdig:[email protected]@idmpru.xx.xx.xx:rwaDxtcy
A:fdi:EVERYONE@:tcy

$ nfs4_getfacl /prueba
# file: /prueba
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:tcy

任何帮助表示赞赏。非常感谢。

francisaugusto

Asked: 2022-03-03 12:48:50 +0800 CST

如何导出共享以使用户不以 root 身份创建文件

1

我正在尝试将主目录从我的 NAS 导出到 ubuntu 客户端 - 服务器是 TrueNAS Scale，它是基于 Debian 的。Kerberos 可以正常工作，因此用户可以获得适当的票证以对服务器进行身份验证。

我的主要目标是用户可以从服务器上挂载他们的主目录。

我在服务器上有一个名为 home 的共享，每个用户有一个目录。主目录归根用户所有，子目录归用户所有。但是，如果我不使用 maproot 或 mapall，即使我设法挂载共享，如果挂载 /home/folder，用户也无法将任何内容写入他的文件夹。

如果我使用 maproot=root，用户会挂载它，但他写的所有内容都保存为 root。我在这里迷路了，但似乎id映射可能有问题。文件的 uid/gid 在服务器和客户端、显示的正确名称等方面是相同的。这让我相信映射是正确的 - 但是，当使用 maproot=root 时，为什么我最终可以访问不支持的文件夹不属于我，为什么我用那个用户创建的所有东西都归根用户所有？

我怎样才能正确地导出它，以便我得到根压扁，以及用户只能访问他们自己的目录？

james

Asked: 2021-08-14 23:52:29 +0800 CST

NFS 不允许配置中指定的主机挂载共享

1

我遇到了 NFS 拒绝允许在配置文件中指定的主机挂载共享的问题。

我在 Debian 10，BTRFS 文件系统上运行 NFS 服务器。

我的/etc/exports读物：

/share  192.220.189.0/24(rw,sync,no_subtree_check) *.domain.lan(rw,sync,no_subtree_check)

我正在尝试从挂载host.domain.lan，但是当我尝试挂载共享时，我得到以下信息：

mount.nfs: access denied by server while mounting server.domain.lan:/share

服务器日志显示：

rpc.mountd[PID]: refused mount request from <host.domain.lan's ip> for /share (/share): unmatched host

我已经验证服务器可以解析 host.domain.lan 的主机名，由本地 DNS 服务器提供。

如果我明确指定host.domain.lanin/etc/exports而不是*.domain.lan. 但是，这不会，因为我想将该文件夹提供给 FQDN 的整个子域。

我在网上找不到任何关于此的内容，并且我已经用尽了我能想到的所有选项，请帮助！

Andrew

Asked: 2021-07-22 05:10:17 +0800 CST

NFS 服务器更新和重启后 Kubernetes 无法挂载 NFS 卷

1

将zypper patchopenSUSE Leap 15.2 上的 NFS 服务器安装到最新版本并重新启动后，kubernetes 集群（Openshift 4.5）中的节点无法再挂载 NFS 卷。

NFS 服务器版本：nfs-kernel-server-2.1.1-lp152.9.12.1.x86_64

/etc/exports 包含：

/nfs 192.168.11.*(rw,sync,no_wdelay,root_squash,insecure,no_subtree_check,fsid=0)

受影响的 pod 处于 ContainerCreating 状态

kubectl describe pod/<pod_name>给出以下错误：

Warning  FailedMount  31m   kubelet            MountVolume.SetUp failed for volume "volume" : mount failed: exit status 32
Mounting command: systemd-run
Mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/pods/c86dee2e-f533-43c9-9a1d-c4f00a1b8eef/volumes/kubernetes.io~nfs/smart-services-http-video-stream --scope -- mount -t nfs nfs.example.invalid:/nfs/volume /var/lib/kubelet/pods/c86dee2e-f533-43c9-9a1d-c4f00a1b8eef/volumes/kubernetes.io~nfs/pv-name
Output: Running scope as unit: run-r83d4e7dba1b645aca1e4693a48f45191.scope
mount.nfs: Operation not permitted

服务器仅运行 NFSv4，因此 rpcbind 已关闭且 showmount 命令不起作用。

直接挂载在 Kubernetes 节点上会导致以下错误：

sudo mount.nfs4 nfs.example.invalid:/core tmp/ -v; echo $?
mount.nfs4: timeout set for Wed Jul 21 12:16:49 2021
mount.nfs4: trying text-based options 'vers=4.2,addr=192.168.11.2,clientaddr=192.168.11.3'
mount.nfs4: mount(2): Operation not permitted
mount.nfs4: Operation not permitted
32

NFS 服务器上的 firewalld 规则：

  services: ssh dhcpv6-client nfs mountd rpc-bind samba http tftp
  ports: 2049/tcp 2049/udp

AppArmor 正在工作，关闭它并没有改变结果。

在更新 NFS 服务器之前，一切正常，没有进行其他配置更改。我怎样才能进一步调试它并使共享再次可挂载？

Julia Fischer

Asked: 2021-07-13 05:56:54 +0800 CST

使用 NFSv4 失败的群

1

我不知道为什么这段代码不能在 NFS4 下运行，使用 NFS3 可以完美运行。这个想法是避免在进程仍在读取文件时写入文件。

我想调试，但我们的系统管理员无法调试。这可能是原因。在我们的 NFS4 安装下，我总是会遇到这种情况

  if ( flock(fp,LOCK_EX) == -1)
    printf("Error: file %s is already locked\n", fileName);

整个程序是：

#include <sys/file.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv){

    if (argc<2){
        printf("Usage:\n a.out fileName\n");
        return 1;
    }

    char *fileName=argv[1];
    int  fp;
     
    /* block the file, I know a process can write 
    rendering my information useless*/
    fp=open(fileName,O_RDONLY);

    if ( flock(fp,LOCK_EX) == -1){
        printf("Error: file %s is already locked\n", fileName);
    }
    else{
        printf("OK: file %s was locked\n",fileName );
    }

    /* read and parse the fileName 
       another process should not be able to write or
       modify the fileName while I am reading it
    */
    return 0;    
}

编辑：我想澄清一下。这是我正在使用的代码片段。fileName 应该是一个有效的现有文件

我正在阅读文件名并制作副本，编辑一些部分。我知道，当我这样做时，外部进程可以更新文件名。我想使用信号量来避免修改这个文件，直到我完成它。该程序运行良好，直到停止这样做。唯一的区别是文件名所在的文件系统。它从 NFS3 更新到 NFS4。甚至操作系统 (SLE15.2) 与内核 5.3.18 相同，并且使用 strerror(errno) 在 NFS4 上产生 seg 错误。我做 print("%d",error) 时的唯一提示是 9 应该是“错误的文件描述符”

谢谢你的帮助

朱莉娅

Xavi Montero

Asked: 2021-05-05 14:50:56 +0800 CST

强制“mount”绕过与 nfs 版本相关的 nfs 内核限制

1

根据这个答案https://serverfault.com/a/1062570/253400有可能安装的软件支持 nfs 版本v4.2，但如果没有准备好底层内核，该mount命令将降级为“kenrel 的已知版本”那可能是v4.0。

根据答案，这似乎不是 nfs 库的问题，而是与mount命令本身有关。

有没有办法告诉mount“绕过”挂载“发现”并告诉它绑定v4.2库中的全部功能而不管底层内核如何？

Xavi Montero

Asked: 2021-05-05 03:18:53 +0800 CST

nfs 根据客户端机器从 4.2 降级到 4.0，而理论上可以 4.2 - 为什么？

0

我正在使用 NFS 来测试一些客户端选项。

在使用“选项”之前，我只是测试了从几个客户端到给定服务器的“默认”连接，所以稍后我将能够比较选项化行为与默认行为的对比。

但是我观察到客户端的行为不同，即使它们都基于ubuntu:20.04并且都安装了相同的版本nfs-common。

这是设置：

服务器

暴露 IP 192.168.3.81 的桥接虚拟盒中的 Ubuntu 20.40。Server 是 ubuntu 20.04 的默认包。

这些是已安装的 NFS 软件包：

xavi@iridio:~$ apt list --installed | grep nfs

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libnfsidmap2/focal,now 0.25-5.1ubuntu1 amd64 [installed,automatic]
nfs-common/focal-updates,focal-security,now 1:1.3.4-2.5ubuntu3.3 amd64 [installed,automatic]
nfs-kernel-server/focal-updates,focal-security,now 1:1.3.4-2.5ubuntu3.3 amd64 [installed]
xavi@iridio:~$

这是导出文件：

xavi@iridio:~$ cat /etc/exports
/files/repos/sharedfolder *(rw,sync,no_subtree_check,no_root_squash,insecure)
xavi@iridio:~$

客户＃1（虚拟盒子）

virtualbox 上的同一台服务器机器可以作为其自身的客户端进行测试。挂载时，它确实使用协议 4.2：

xavi@iridio:~$ sudo mount -vvvv 192.168.3.81:/files/repos/sharedfolder iridio/
mount.nfs: timeout set for Tue May  4 10:41:51 2021
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.3.81,clientaddr=192.168.3.81'
xavi@iridio:~$ echo $?
0
xavi@iridio:~$

这是预期的行为：客户端能够v4.2，服务器能够v4.2，然后通过连接v4.2。

VBox中的内核是5.4：

xavi@iridio:~$ uname -a
Linux iridio 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
xavi@iridio:~$

客户＃2（码头工人）

然后从主机启动一个 docker 容器，它也基于 rawubuntu:20.04和 install nfs-common。这是完整的会话：

xavi@msi-laptop:~$ # Launch a fresh container from an empty official stock ubuntu image:
xavi@msi-laptop:~$ 
xavi@msi-laptop:~$ docker run -it --rm --name=nfsclient --hostname=nfsclient --privileged=true ubuntu:20.04
root@nfsclient:/# apt-get update > /dev/null
root@nfsclient:/# apt-get install -y nfs-common > /dev/null
debconf: delaying package configuration, since apt-utils is not installed
root@nfsclient:/#
root@nfsclient:/#
root@nfsclient:/# # Check installed nfs packages. Client is the same than vbox.
root@nfsclient:/#
root@nfsclient:/# apt list --installed | grep nfs

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libnfsidmap2/focal,now 0.25-5.1ubuntu1 amd64 [installed,automatic]
nfs-common/focal-updates,focal-security,now 1:1.3.4-2.5ubuntu3.3 amd64 [installed]
root@nfsclient:/#
root@nfsclient:/#
root@nfsclient:/# # Now mount, but does tries 4.2, fails, tries 4.1, fails then 4.0 and succeeds.
root@nfsclient:/#
root@nfsclient:/# mkdir iridio
root@nfsclient:/# mount -vvvv 192.168.3.81:/files/repos/sharedfolder iridio/
mount.nfs: timeout set for Tue May  4 10:55:35 2021
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.3.81,clientaddr=172.17.0.10'
mount.nfs: mount(2): Invalid argument
mount.nfs: trying text-based options 'vers=4.1,addr=192.168.3.81,clientaddr=172.17.0.10'
mount.nfs: mount(2): Invalid argument
mount.nfs: trying text-based options 'vers=4.0,addr=192.168.3.81,clientaddr=172.17.0.10'
root@nfsclient:/# echo $?
0
root@nfsclient:/#

docker中的内核是4.19。事实上，docker 引擎在 Windows 10 pro 上的 WSL-2 上的 Ubuntu 20.04 上运行：

root@nfsclient:/# uname -a
Linux nfsclient 4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@nfsclient:/#

问题

为什么有两个ubuntu:20.04，两者都具有非常精确的nfs-common/focal-updates,focal-security,now 1:1.3.4-2.5ubuntu3.3 amd64行为版本，即一个通过连接到服务器v4.2，另一个通过连接v4.0？
版本是否取决于我拥有的内核？
我看到在尝试版本v4.2和v4.1. 我应该通过任何额外的选项来连接v4.2吗？

Dipr

Asked: 2021-03-18 03:46:15 +0800 CST

NFS4 w/o Kerberos：名称映射有效，权限无效

2

我只是想在 NFS4 客户端和 NFS4 服务器之间“按用户名映射”，当每个给定用户名具有不同的 uid 时，无需设置 Kerberos。

情况：我的Linux机器（centos 7）访问各种NFS4服务器（运行centos 7）

没有可用的 Kerberos 或 NIS 或 AD
每个服务器都有不同的 dns 域（都与我的 linux box 的 DNS 域不同）
服务器和我的 linux 客户端具有不同步的 UID（每个用户名“oracle”具有不同的本地 uid）
echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping在服务器和客户端上完成
名称映射守护进程 rpcidmapd 在客户端和服务器上启动
客户端/etc/idmapd.conf为用户提供静态映射
安装为 nfs4（sec=sys，因为没有集中的 Kerberos/etc）可以工作
ls -l显示“正确”的用户名和组名
但是权限被忽略了，我必须设置 world rwx 来访问/遍历/写入文件，为什么？

背景问题：

哪一方（客户端或服务器）应该将名称映射到 id？

我的客户端上的 idmapd.conf 是否正确（例如远程 NFS4 服务器 DNS 域是 eh.loc）：

 [General]
 Verbosity = 7
 [Mapping]
 [Translation]
 Method = static
 [Static]
 [email protected] = oracle
 [email protected] = oinstall
 [email protected] = dba

Orphans

Asked: 2021-02-26 11:22:20 +0800 CST

如何确定远程 NFS 共享的版本？

3

我在使用某些软件时遇到问题，它只能挂载 NFSv3 和 NFSv4 共享 - 它无法挂载 NFSv4.1 或 NFSv4.2。

由于我无权访问服务器本身，因此我无法确定正在使用的 NFS 的确切版本。

我知道 rpcinfo 命令：

rpcinfo -p server

打印出这样的共享版本：

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
      7507    1   tcp   7507
    100024    1   udp  20049  status
    100024    1   tcp  20049  status
    100003    3   tcp   2049  nfs
    100005    1   tcp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs
    100021    4   tcp  20050  nlockmgr

或以下内容：

rpcinfo -u server nfs 3
rpcinfo -t server nfs 4

打印：

program 100003 version 3 ready and waiting

和

program 100003 version 4 ready and waiting

但是，如何从客户端确定服务器正在使用 NFSv4.1 还是 NFSv4.2？

Andreas Schuldei

Asked: 2020-09-25 01:57:41 +0800 CST

为什么 ssh 以 AD 用户身份登录 nfs4 /home 中的私钥在第二次尝试时成功？

2

我使用 samba、winbind、sssd、krb5 和 nfs-common 配置了最新的 Debian (v10.5) 服务器，以针对我域中的 AD 进行身份验证并通过 nfs4 挂载它的 /home。

在客户端（带有putty的windows，来自linux的ssh）我的ssh代理中有我的私钥并尝试登录服务器。我只允许私钥登录和禁用密码登录。

现在，当 ssh 到服务器时，第一次提示我输入密码时，我使用我的 AD 密码并进入。然后我再次注销。我第二次登录时使用了我的私钥并且我进入了。

为什么这行得通？我只希望 ssh 私钥登录工作。如果我正确理解 nfsv4，sshd（和 root）应该无法读取我的主目录或我的授权密钥，并且我可以理解私钥登录是否会失败。所以在某种程度上我很高兴他们工作 - 我只是不明白为什么。

我该怎么做才能只有私钥登录才能工作，即使是第一次？

这是我第二次登录尝试的详细 sshd 调试输出：

Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: oom_adjust_restore
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: Set /proc/self/oom_score_adj to 0
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: inetd sockets after dupping: 3, 3
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: Connection from 10.21.1.74 port 44732 on 195.37.235.121 port 22
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: Client protocol version 2.0; client software version OpenSSH_7.9p1 Debian-10+deb10u2
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: fd 3 setting O_NONBLOCK
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: Network child is on pid 12687
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: preauth child monitor started
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: privsep user:group 105:65534 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: permanently_set_uid: 105/65534 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: send packet: type 20 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: receive packet: type 20 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: SSH2_MSG_KEXINIT received [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: local server KEXINIT proposal [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: compression ctos: none,[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: compression stoc: none,[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: languages ctos:  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: languages stoc:  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: first_kex_follows 0  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: reserved 0  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: peer client KEXINIT proposal [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: compression ctos: none,[email protected],zlib [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: compression stoc: none,[email protected],zlib [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: languages ctos:  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: languages stoc:  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: first_kex_follows 0  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: reserved 0  [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: receive packet: type 30 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_sshkey_sign entering [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 6 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 6
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_answer_sign
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_answer_sign: hostkey proof signature 0x56470fc89c70(100)
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 7
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: monitor_read: 6 used once, disabling now
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: send packet: type 31 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: send packet: type 21 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug2: set_newkeys: mode 1 [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: rekey after 134217728 blocks [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Sep 24 11:44:26 jmp-ei-01 sshd[12686]: debug3: send packet: type 7 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: receive packet: type 21 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: set_newkeys: mode 0 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: rekey after 134217728 blocks [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: KEX done [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: receive packet: type 5 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: send packet: type 6 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: receive packet: type 50 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: userauth-request for user schuldeia service ssh-connection method none [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: attempt 0 failures 0 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_getpwnamallow entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 8 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 8
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_pwnamallow
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: parse_server_config: config reprocess config len 272
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 9
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: monitor_read: 8 used once, disabling now
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 9 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: input_userauth_request: setting up authctxt for schuldeia [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_start_pam entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 100 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 100
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: PAM: initializing for "schuldeia"
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: PAM: setting PAM_RHOST to "10.21.1.74"
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: PAM: setting PAM_TTY to "ssh"
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: monitor_read: 100 used once, disabling now
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_inform_authserv entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 4 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: input_userauth_request: try method none [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: ensure_minimum_time_since: elapsed 6.083ms, delaying 2.229ms (requested 8.313ms) [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 4
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: monitor_read: 4 used once, disabling now
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: send packet: type 51 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: receive packet: type 50 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: userauth-request for user schuldeia service ssh-connection method publickey [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: attempt 1 failures 0 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: input_userauth_request: try method publickey [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_key_allowed entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 22 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 23 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 22
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed: key_from_blob: 0x56470fc9e5f0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: temporarily_use_uid: 50709/10004 (e=0/0)
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: trying public key file /home/schuldeia/.ssh/authorized_keys
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: fd 9 clearing O_NONBLOCK
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: /home/schuldeia/.ssh/authorized_keys:2: matching key found: RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: /home/schuldeia/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: Accepted key RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE found at /home/schuldeia/.ssh/authorized_keys:2
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: restore_uid: 0/0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 23
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: send packet: type 60 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: ensure_minimum_time_since: elapsed 3.132ms, delaying 5.181ms (requested 8.313ms) [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: Postponed publickey for schuldeia from 10.21.1.74 port 44732 ssh2 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: receive packet: type 50 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: userauth-request for user schuldeia service ssh-connection method publickey [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: attempt 2 failures 0 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: input_userauth_request: try method publickey [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: userauth_pubkey: have rsa-sha2-512 signature for RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_key_allowed entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 22 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 23 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 22
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed: key_from_blob: 0x56470fca0f50
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: temporarily_use_uid: 50709/10004 (e=0/0)
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: trying public key file /home/schuldeia/.ssh/authorized_keys
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: fd 9 clearing O_NONBLOCK
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: /home/schuldeia/.ssh/authorized_keys:2: matching key found: RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: /home/schuldeia/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: Accepted key RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE found at /home/schuldeia/.ssh/authorized_keys:2
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: restore_uid: 0/0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 23
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_sshkey_verify entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 24 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 25 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 24
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_keyverify: publickey 0x56470fc9e5f0 signature verified
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: auth_activate_options: setting new authentication options
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 25
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 102
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: do_pam_account: called
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: do_pam_account: auth information in SSH_AUTH_INFO_0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 103
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: Accepted publickey for schuldeia from 10.21.1.74 port 44732 ssh2: RSA SHA256:5sI4OvJOs6+7RcD76iomtR6geCSBoZ5397jeWzNlspE
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: monitor_child_preauth: schuldeia has been authenticated by privileged process
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_get_keystate: Waiting for new keys
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 26
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_get_keystate: GOT new keys
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: auth_activate_options: setting new authentication options [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: ensure_minimum_time_since: elapsed 1.791ms, delaying 6.522ms (requested 8.313ms) [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_do_pam_account entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 102 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive_expect entering: type 103 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_do_pam_account returning 1 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: send packet: type 52 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 26 [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_send_keystate: Finished sending state [preauth]
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: monitor_read_log: child log fd closed
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: ssh_sandbox_parent_finish: finished
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: PAM: establishing credentials
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: PAM: opening session
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: do_pam_session: auth information in SSH_AUTH_INFO_0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: pam_unix(sshd:session): session opened for user schuldeia by (uid=0)
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: PAM: sshpam_store_conv called with 1 messages
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: PAM: sshpam_store_conv called with 1 messages
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: User child is on pid 12692
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_receive entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: monitor_read: checking request 28
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_pty entering
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug2: session_new: allocate (allocated 0 max 10)
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: session_unused: session id 0 unused
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: session_new: session 0
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug1: SELinux support disabled
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_request_send entering: type 29
Sep 24 11:44:27 jmp-ei-01 sshd[12686]: debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 5

导出的 glusterfs 的 NFSv4 权限问题

如何导出共享以使用户不以 root 身份创建文件

NFS 不允许配置中指定的主机挂载共享

NFS 服务器更新和重启后 Kubernetes 无法挂载 NFS 卷

使用 NFSv4 失败的群

强制“mount”绕过与 nfs 版本相关的 nfs 内核限制

nfs 根据客户端机器从 4.2 降级到 4.0，而理论上可以 4.2 - 为什么？

服务器

客户＃1（虚拟盒子）

客户＃2（码头工人）

问题

NFS4 w/o Kerberos：名称映射有效，权限无效

如何确定远程 NFS 共享的版本？

为什么 ssh 以 AD 用户身份登录 nfs4 /home 中的私钥在第二次尝试时成功？

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

问题[nfs4](server)

服务器

客户＃1（虚拟盒子）

客户＃2（码头工人）

问题