AWS Linux DHCPREQUEST On Eth0 导致的宕机问题

综合技术 2018-05-11 阅读原文

最近几天,博客所使用的 EC2 服务器一直不稳定。最开始,我以为是又双双叕叕叕敠被攻击了。

在重启了多次之后,查看了多次日志之后发现了一个原因:DHCPREQUEST on eth0 to,日志如下:

May 10 20:40:12 ip-172-31-18-86 dhclient[2192]: DHCPREQUEST on eth0 to 172.31.16.1 port 67 (xid=0x49c744e7)
May 10 20:40:12 ip-172-31-18-86 dhclient[2192]: DHCPACK from 172.31.16.1 (xid=0x49c744e7)
May 10 20:40:14 ip-172-31-18-86 dhclient[2192]: bound to 172.31.18.86 -- renewal in 1724 seconds.
May 10 20:40:14 ip-172-31-18-86 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/06:ce:d8:0e:2a:ec/local-ipv4s
May 10 20:40:15 ip-172-31-18-86 ec2net: [rewrite_aliases] Rewriting aliases of eth0
May 10 20:47:48 ip-172-31-18-86 sshd[7841]: rexec line 52: Deprecated option RSAAuthentication
May 10 20:57:26 ip-172-31-18-86 sshd[7844]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:00:22 ip-172-31-18-86 sshd[7846]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:00:36 ip-172-31-18-86 sshd[7848]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:07:03 ip-172-31-18-86 sshd[7862]: rexec line 52: Deprecated option RSAAuthentication
May 10 23:36:35 ip-172-31-18-86 kernel: imklog 5.8.10, log source = /proc/kmsg started.
May 10 23:36:35 ip-172-31-18-86 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2261" x-info="http://www.rsyslog.com"] start

于是,我先手动把 DHCP eth0 的相关进程干掉,下一步在再看看会不会在还出现问题:

/bin/kill `cat /var/run/dhclient-eth0.pid`

Deprecated option RSAAuthentication

同样的,还有一个问题是:

May 11 23:31:01 ip-172-31-18-86 sshd[5653]: rexec line 52: Deprecated option RSAAuthentication
May 11 23:37:04 ip-172-31-18-86 sshd[5661]: rexec line 52: Deprecated option RSAAuthentication
May 11 23:57:38 ip-172-31-18-86 sshd[5675]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:31:49 ip-172-31-18-86 sshd[5705]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:35:33 ip-172-31-18-86 sshd[5708]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:36:00 ip-172-31-18-86 sshd[5710]: rexec line 52: Deprecated option RSAAuthentication

于是,便顺手解决一下这个问题吧。先备份一下旧的配置:

cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config-backup

然后,注释掉 sshd_config
文件中的 RSAAuthentication

RSAAuthentication yes

参考:

  1. https://qiita.com/smallpalace/items/65819405fa421bfc386e
  2. https://raspberrypi.stackexchange.com/questions/3332/alter-dhclient-to-retry-fetching-ip-address/10184
  3. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=266175
Phodal全栈工程师

责编内容by:Phodal全栈工程师阅读原文】。感谢您的支持!

您可能感兴趣的

如何把你的Linux系统变的更加安全 做为一个小白,以为自己懂了点Linux知识,会搭建Linux各种服务就觉得自己牛的不要要的。在我们团队里面,我将使用了一台破电脑搭建Linux服务器,上面跑着Ftp服务存放着资源,ssh服务可以远程登录,VPN业务可以访问内网的网络...
Linux时间子系统之一:clock source(时钟源)... clock source用于为linux内核提供一个时间基线,如果你用linux的date命令获取当前时间,内核会读取当前的clock source,转换并返回合适的时间单位给用户空间。在硬件层,它通常实现为一个由固定时钟频率驱动的计数器,...
Learn by contributing pixelfit Companies that contribute to open source software and use it in their own IT systems and applications ...
Kernel prepatch 4.19-rc1 Post Syndicated fromcorbet original https://lwn.net/Articles/763496/rss Linus has released 4.19-rc1 an...
Home network improvements – Building a Basic Route... This is the third blog post about my home network improvements series . Gateway Appliance – License CC BY-SA...