赞
踩
由于云服务器默认ssh登入端口号是22,会有很多扫描器在互联网上扫描默认的22端口号,通过云主机的/var/log/secure文件可以看到:
Jun 16 05:02:46 instance-1 sshd[13736]: input_userauth_request: invalid user admin [preauth] Jun 16 05:02:46 instance-1 sshd[13736]: Received disconnect from 68.183.80.224 port 48840:11: Bye Bye [preauth] Jun 16 05:02:46 instance-1 sshd[13736]: Disconnected from 68.183.80.224 port 48840 [preauth] Jun 16 05:02:46 instance-1 sshd[13738]: Invalid user guest from 68.183.80.224 port 49678 Jun 16 05:02:46 instance-1 sshd[13738]: input_userauth_request: invalid user guest [preauth] Jun 16 05:02:46 instance-1 sshd[13738]: Received disconnect from 68.183.80.224 port 49678:11: Bye Bye [preauth] Jun 16 05:02:46 instance-1 sshd[13738]: Disconnected from 68.183.80.224 port 49678 [preauth] Jun 16 05:02:47 instance-1 sshd[13740]: Invalid user test from 68.183.80.224 port 50494 Jun 16 05:02:47 instance-1 sshd[13740]: input_userauth_request: invalid user test [preauth] Jun 16 05:02:47 instance-1 sshd[13740]: Received disconnect from 68.183.80.224 port 50494:11: Bye Bye [preauth] Jun 16 05:02:47 instance-1 sshd[13740]: Disconnected from 68.183.80.224 port 50494 [preauth] Jun 16 05:21:54 instance-1 sshd[14039]: Received disconnect from 218.92.0.179 port 65511:11: [preauth] Jun 16 05:21:54 instance-1 sshd[14039]: Disconnected from 218.92.0.179 port 65511 [preauth] Jun 16 08:18:39 instance-1 sshd[17033]: Received disconnect from 112.85.42.178 port 2399:11: [preauth] Jun 16 08:18:39 instance-1 sshd[17033]: Disconnected from 112.85.42.178 port 2399 [preauth] Jun 16 11:41:18 instance-1 sshd[20368]: Invalid user ubnt from 142.93.107.83 port 43902 Jun 16 11:41:18 instance-1 sshd[20368]: input_userauth_request: invalid user ubnt [preauth] Jun 16 11:41:18 instance-1 sshd[20368]: Received disconnect from 142.93.107.83 port 43902:11: Bye Bye [preauth] Jun 16 11:41:18 instance-1 sshd[20368]: Disconnected from 142.93.107.83 port 43902 [preauth] Jun 16 11:41:20 instance-1 sshd[20370]: Invalid user admin from 142.93.107.83 port 46462 Jun 16 11:41:20 instance-1 sshd[20370]: input_userauth_request: invalid user admin [preauth]
可以看到有来自不同的ip尝试通过ssh连接到我的服务器,这些尝试登陆日志都不是我的操作日志,而是别的扫描器产生的日志,所以必须修改默认的22端口为其他端口;
但是在修改过程中,由于没有验证修改结果,不小心重启了机器,导致sshd服务启动不了,连我的正常ssh连接都访问不了了,通过串口查看日志发现是这样的日志:
Jun 21 14:55:15 instance-1 systemd: Started Google Compute Engine Instance Setup.
Jun 21 14:55:15 instance-1 systemd: Starting OpenSSH server daemon...
Jun 21 14:55:15 instance-1 systemd: Started Google Compute Engine Network Daemon.
Jun 21 14:55:15 instance-1 systemd: Starting Google Compute Engine Shutdown Scripts...
Jun 21 14:55:15 instance-1 systemd: Started Google Compute Engine Accounts Daemon.
Jun 21 14:55:15 instance-1 systemd: Starting Google Compute Engine Startup Scripts...
Jun 21 14:55:15 instance-1 systemd: Started Google Compute Engine Clock Skew Daemon.
Jun 21 14:55:15 instance-1 systemd: Started Google Compute Engine Shutdown Scripts.
Jun 21 14:55:16 instance-1 systemd: sshd.service: main process exited, code=exited, status=255/n/a
Jun 21 14:55:16 instance-1 systemd: Failed to start OpenSSH server daemon.
Jun 21 14:55:16 instance-1 systemd: Unit sshd.service entered failed state.
Jun 21 14:55:16 instance-1 systemd: sshd.service failed.
是sshd.service服务挂了,因为修改了 /etc/ssh/sshd_config配置文件,修改过程中改错了某个东西,导致重启后sshd.service启动不了了,所以这时我的服务器谁也连接不上了,包括我自己,而且通过串口连接会提示用户名和密码:
CentOS Linux 7 (Core)
Kernel 3.10.0-957.21.3.el7.x86_64 on an x86_64
instance-1 login:
Password:
然而我没配置过串口登陆密码,所以通过串口控制器也访问不了我的服务器了;所以这时只能考虑能不能通过某种方式直接修改磁盘文件,还原操作,然后通过gcp网页里的重启功能重启机器。
首先想到的是能不能再创建一个云主机,然后将之前的磁盘挂载到新主机里,然后在新主机里修改文件,但是发现新创建主机是不能选择之前的磁盘,可能是因为之前的磁盘挂载为了那个主机的主磁盘,所以google cloud 不允许这样的操作,所以此方法无效;
其次想到的是能不能另外的方式呢,然后去google cloud platform文档里面找相关的文档,找到了一个关于将文件传输到实例的功能介绍,看到该方案是基于gcloud命令来操作的,例如
gcloud compute scp --recurse [INSTANCE_NAME]:[REMOTE_DIR] [LOCAL_DIR]
想到可以将本地正常的 sshd_config文件传输到云主机实例里覆盖有问题的配置文件,于是马上开启Cloud shell面板尝试此命令,结果是令人沮丧的,因为此命令是基于scp,scp也是基于ssh连接来实现文件传输的,sshd服务已经挂了,所以会显示连接22端口refuse,于是再次查找google cloud platform文档;
最后发现了gcp关于运行启动脚本的功能介绍,想到是不是可以通过shell脚本在linux启动时将sshd_config文件的错误改动还原以至于恢复sshd服务呢,于是马上开始测试,相关命令:
gcloud compute instances add-metadata example-instance \
--metadata-from-file startup-script=path/to/file
gcloud shell会开启一个临时的主机给我们执行gcloud命令,所以只需要在gcloud shell面板里使用vim命令创建一个shell脚本:
vim repair.sh
i
然后在shell编写针对sshd_config撤销修改的操作,例如我这里是添加了Port 1024,那么我只需要在shell里撤销这一行字符串添加就行了:
sudo sed -i '/1024/d' /etc/ssh/sshd_config
-i是确保写回/etc/ssh/sshd_config文件,如果不加的话/etc/ssh/sshd_config文件不会有任何改动, ‘/1024/d’ 是sed命令中代表删除带有1024字符串的行的功能,因为1024在我的sshd_config文件里只出现了一次,所以我直接用这个删除功能了,如果出现的不只一次,那就需要其他辅助命令了;
然后按esc按钮输入:wq回车保存,最后再执行gcloud添加启动脚本命令:
gcloud compute instances add-metadata instance-1 --zone=asia-east1-b --metadata-from-file startup-script=repair.sh
instance-1是我的主机名,–zone=asia-east1-b是我的主机所在的地区,每个人的可能都不一样,按需修改,执行完后可以看到gcloud shell面板上的日志:
Updated [https://www.googleapis.com/compute/v1/projects/turnkey-delight-243210/zones/asia-east1-b/instances/instance-1].
To take a quick anonymous survey, run:
$ gcloud alpha survey
看到类似没提示错误的日志就应该是成功了,然后再去云主机详情里面查看,发现元数据项里多了一些东西:
关注红框里的内容,这就是我们在repair.sh里的脚本信息,代表云主机启动时会执行这个脚本,这时尝试重启云主机查看日志:
Jun 21 14:55:24 instance-1 google_accounts_daemon: Adding user yylyingy to group google-sudoers Jun 21 14:55:58 instance-1 systemd: sshd.service holdoff time over, scheduling restart. Jun 21 14:55:58 instance-1 systemd: Stopped OpenSSH server daemon. Jun 21 14:55:58 instance-1 systemd: Starting Google Compute Engine Instance Setup... Jun 21 14:55:58 instance-1 instance-setup: INFO Running google_set_multiqueue. Jun 21 14:55:58 instance-1 instance-setup: INFO Setting /proc/irq/29/smp_affinity_list to 0 for device virtio1. Jun 21 14:55:58 instance-1 instance-setup: INFO /proc/irq/29/smp_affinity_list: real affinity 0 Jun 21 14:55:58 instance-1 instance-setup: INFO Setting /proc/irq/30/smp_affinity_list to 0 for device virtio1. Jun 21 14:55:58 instance-1 instance-setup: INFO /proc/irq/30/smp_affinity_list: real affinity 0 Jun 21 14:55:58 instance-1 instance-setup: INFO Queue 0 XPS=1 for /sys/class/net/eth0/queues/tx-0/xps_cpus Jun 21 14:55:58 instance-1 systemd: Started Google Compute Engine Instance Setup. Jun 21 14:55:58 instance-1 systemd: Starting OpenSSH server daemon... Jun 21 14:55:58 instance-1 systemd: Started OpenSSH server daemon. CentOS Linux 7 (Core) Kernel 3.10.0-957.21.3.el7.x86_64 on an x86_64
ssh服务启动没有报错,尝试连接ssh服务器22端口:
WARNING! The remote SSH server rejected X11 forwarding request.
Last failed login: Fri Jun 21 04:49:56 UTC 2019 on ttyS0
There were 3 failed login attempts since the last successful login.
Last login: Wed Jun 19 17:01:34 2019 from
ok,连接成功,大功告成,成功恢复了sshd服务,不过记得最后删除启动脚本。
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。