
Issue with sshd_config / systemctl restart

Ask Ubuntu user
Asked 2022-12-08 19:15:33
Answers: 1, Views: 317, Followers: 0, Votes: 0

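One of my workstations was previously a 22.04.1 server edition, but although the machine is on the NUC compatibility list, the last BIOS and dbx database upgrade forced me to downgrade to the workstation edition, because the server edition was looping on a kernel panic (NUC 10i7FNH, BIOS: 59, UEFI: 267). Details below:

sudo fwupdmgr get-devices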

NUC10i7FNH
│
├─SSD 970 EVO Plus 2TB:
│     Summary:            NVM Express solid state drive
│     Current version:    2B2QEXM7
│     Vendor:             Samsung (NVME:0x144D)
├─System Firmware:
│ │   Summary:            UEFI ESRT device
│ │   Current version:    59
│ │   Minimum Version:    59
│ │   Vendor:             Intel(R) Client Systems (DMI:Intel Corp.)
│ │   Update State:       Success
│ └─UEFI dbx:
│       Summary:          UEFI revocation database
│       Current version:  267
│       Minimum Version:  267
│       Vendor:           UEFI:Linux Foundation
│       Install Duration: 1 second
└─Thunderbolt host controller:
      Summary:            Unmatched performance for high-speed I/O
      Current version:    42.00
      Vendor:             Intel Corporation (THUNDERBOLT:0x8086, TBT:0x8086)

This "multi-homed headless workstation" is configured with bonds and VLANs via netplan, and it is supposed to run sshd on some (not all) interfaces.

192.16.0.150/24 (for admin only from admin vlan) port 22
10.0.1.150/24 (key users from lab 1 vlan) port 22
10.0.2.150/24 (key users from lab 2 vlan) port 22
10.0.3.150/24 (key users from lab 3 vlan) port 22
10.0.4.150/24 (key users from lab 4 vlan) port 22
other vlans (storage, backup, data/application, etc.) are supposed to be without users that need to get  a ssh connection.

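After sshd is installed, without any custom sshd_config, all interfaces get an sshd listener, even those that are supposed to carry storage/backup or application flows.

I have run several tests (with and without the port setting).

Test with the port setting: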

ListenAddress 192.168.0.200:22
ListenAddress 10.0.1.200:22
ListenAddress 10.0.2.200:22
ListenAddress 10.0.3.200:22
ListenAddress 10.0.4.200:22

Test without the port setting:

ListenAddress 192.168.0.200
ListenAddress 10.0.1.200
ListenAddress 10.0.2.200
ListenAddress 10.0.3.200
ListenAddress 10.0.4.200

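All the tests I ran with an explicit ListenAddress specified have the same problem. systemctl reports a degraded service: sshd is in a failed state when the system comes up (after a boot or reboot), but systemctl restart ssh.service fixes it until the next reboot.

sudo systemctl status | head -n 5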

● hell
    State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Thu 2022-12-08 19:40:14 CET; 9min ago

sudo systemctl status ssh.service

× ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-12-08 19:40:15 CET; 9min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 853 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
    Process: 866 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255/EXCEPTION)
   Main PID: 866 (code=exited, status=255/EXCEPTION)
        CPU: 15ms

déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.4.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.3.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.2.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 10.0.1.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: error: Bind to port 22 on 192.168.0.150 failed: Cannot assign requested address.
déc. 08 19:40:15 hell sshd[866]: fatal: Cannot bind any address.
déc. 08 19:40:15 hell systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
déc. 08 19:40:15 hell systemd[1]: ssh.service: Failed with result 'exit-code'.
déc. 08 19:40:15 hell systemd[1]: Failed to start OpenBSD Secure Shell server.
déc. 08 19:46:17 hell systemd[1]: ssh.service: Unit cannot be reloaded because it is inactive.

sudo systemctl restart ssh.service

sudo systemctl status ssh.service

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-12-08 19:49:59 CET; 15s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 4248 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 4249 (sshd)
      Tasks: 1 (limit: 76717)
     Memory: 1.7M
        CPU: 12ms
     CGroup: /system.slice/ssh.service
             └─4249 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

déc. 08 19:49:59 hell systemd[1]: Starting OpenBSD Secure Shell server...
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.4.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.3.150 port 22.
déc. 08 19:49:59 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.2.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 10.0.1.150 port 22.
déc. 08 19:49:59 hell sshd[4249]: Server listening on 192.168.0.150 port 22.

Can someone explain what the problem is?


1 Answer

Ask Ubuntu user

Posted 2022-12-09 17:35:34

Many thanks, Andrew. I found the first option at your URL.

mkdir /etc/systemd/system/sshd.service.d

cat > /etc/systemd/system/sshd.service.d/network-online.conf <<EOF
[Unit]
After=network-online.target
EOF

systemctl daemon-reload

It's fine!

satan@hell:~$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/sshd.service.d
             └─network-online.conf
     Active: active (running) since Fri 2022-12-09 18:19:43 CET; 11min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1447 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1454 (sshd)
      Tasks: 1 (limit: 76717)
     Memory: 7.7M
        CPU: 134ms
     CGroup: /system.slice/ssh.service
             └─1454 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

déc. 09 18:19:43 hell systemd[1]: Started OpenBSD Secure Shell server.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.2.150 port 20022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 10.0.1.150 port 10022.
déc. 09 18:19:43 hell sshd[1454]: Server listening on 192.168.0.150 port 22.
déc. 09 18:21:39 hell sshd[1489]: Accepted password for satan from 192.168.0.200 port 53816 ssh2
déc. 09 18:21:39 hell sshd[1489]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:23:45 hell sshd[1672]: Accepted password for satan from 192.168.0.200 port 37374 ssh2
déc. 09 18:23:45 hell sshd[1672]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)
déc. 09 18:30:09 hell sshd[3681]: Accepted password for satan from 10.0.4.200 port 53132 ssh2
déc. 09 18:30:09 hell sshd[3681]: pam_unix(sshd:session): session opened for user satan(uid=1000) by (uid=0)

Thanks!

Votes: 0
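
An added example (not part of the original question or answer): a check that sshd ends up listening only on the addresses named by `ListenAddress`, which is the goal the question describes. The sample `ss` lines are constructed, and the script assumes IPv4 and a default port of 22.

```shell
#!/bin/sh
# Added example: compare intended ListenAddress entries with sshd's sockets.

# Constructed sample inputs. On a live host, feed instead:
#   sshd -T | grep '^listenaddress'     (effective configuration)
#   ss -Hltnp | grep sshd               (sockets sshd actually holds)
WANTED_CFG='ListenAddress 192.168.0.150
ListenAddress 10.0.1.150:22
ListenAddress 10.0.2.150'
SS_RESTRICTED='LISTEN 0 128 192.168.0.150:22 0.0.0.0:*
LISTEN 0 128 10.0.1.150:22 0.0.0.0:*
LISTEN 0 128 10.0.2.150:22 0.0.0.0:*'
SS_DEFAULT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Normalise "ListenAddress host[:port]" lines to host:port.
wanted_listeners() {
  awk 'tolower($1) == "listenaddress" {
         a = $2
         if (a !~ /:[0-9]+$/) a = a ":22"   # assumption: Port is left at 22
         print a
       }' | sort -u
}

# Field 4 of "ss -Hltn" output is the local address:port.
actual_listeners() {
  awk '$1 == "LISTEN" { print $4 }' | sort -u
}

# $1 = ListenAddress lines, $2 = ss output. Prints one finding per line.
audit_listeners() {
  want=$(printf '%s\n' "$1" | wanted_listeners)
  have=$(printf '%s\n' "$2" | actual_listeners)
  for w in $want; do   # intended address with no socket (boot-time bind failure)
    printf '%s\n' "$have" | grep -Fxq -- "$w" || echo "MISSING $w"
  done
  for h in $have; do   # socket nobody asked for (e.g. wildcard on every VLAN)
    printf '%s\n' "$want" | grep -Fxq -- "$h" || echo "UNEXPECTED $h"
  done
}

echo "== stock sshd_config (wildcard listener) =="
audit_listeners "$WANTED_CFG" "$SS_DEFAULT"
echo "== after boot with failed bind (no listeners) =="
audit_listeners "$WANTED_CFG" ""
echo "== restricted and bound =="
audit_listeners "$WANTED_CFG" "$SS_RESTRICTED"
```

Run after a reboot, this flags both conditions from the question: a wildcard listener that exposes SSH on the storage/backup VLANs, and the bind failure that leaves no listener at all.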
Original page content provided by Ask Ubuntu. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://askubuntu.com/questions/1444677
