SSHはすべてのログインに対して機能しません

SSHはすべてのログインに対して機能しません

整理していましたが、/varから一部のディレクトリを誤って削除して他のセッションを/sshできない状況が発生しました。 vspを介してILOMでこれを試みると(Error Service Module つまり、詳細モードに入るとssh)、次のエラーが発生します。

この問題を解決し、このシステムを健康にする方法を提案できますか?

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.253.224.7 [10.253.224.7] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.253.224.7' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
This system is restricted solely to <company> authorized users for legitimate business purposes only. The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited by <company>. Unauthorized users are subject to Company disciplinary proceedings and/or criminal and civil penalties under state, federal, or other applicable domestic and foreign laws. The use of this system may be monitored and recorded for administrative and security reasons. Anyone accessing this system expressly consents to such monitoring and is advised that if monitoring reveals possible evidence of criminal activity, <company> may provide the evidence of such activity to law enforcement officials. All users must comply with <company> Security Policy & Requirements regarding the protection of <company> information assets.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

Warning! You have entered into a secured area!                               
Your IP, Login Time, Username has been noted for auditing purposes.          
This service is restricted to authorized users only.                         
All activities on this system are logged. Unauthorized access will be fully  
investigated and action would be taken appropriately.                        
LOG OFF IMMEDIATELY IF YOU ARE NOT AN AUTHORIZED USER                        
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.253.224.7 closed.
Transferred: sent 1912, received 3680 bytes, in 0.1 seconds
Bytes per second: sent 19038.4, received 36642.9
debug1: Exit status 254

答え1

まず、サーバーにログインする方法を見つける必要があります。 SSHが正しくログインできないため、ログインを許可しないと何らかの方法でバイパスできず、そうでなければSSHは安全になりません。

ルートアクセス権を持っている場合は、SSHサーバーを含むパッケージを再インストールすると、yum reinstall openssh-serverなどの適切な権限を使用して必要なディレクトリが再生成される可能性がありますapt-get --reinstall install openssh-server。他の破損したパッケージに対してもこれを行う必要があります。

それでも問題が解決しない場合は、ログメッセージで手がかりを見つけてください。ログが届かない場合は、SSHプロセスを追跡してください。

ps -C sshd
strace -f -efile -p…

欠けているものと正しい権限が何であるかを知るには、少し経験が必要です。

何も忘れていないことがわかるように、バックアップを復元する方がより安定しています。

関連情報