AWS Linux DHCPREQUEST On Eth0 导致的宕机问题

综合技术 2018-05-11 阅读原文

最近几天,博客所使用的 EC2 服务器一直不稳定。最开始,我以为是又双双叕叕叕敠被攻击了。

在重启了多次之后,查看了多次日志之后发现了一个原因:DHCPREQUEST on eth0 to,日志如下:

May 10 20:40:12 ip-172-31-18-86 dhclient[2192]: DHCPREQUEST on eth0 to 172.31.16.1 port 67 (xid=0x49c744e7)
May 10 20:40:12 ip-172-31-18-86 dhclient[2192]: DHCPACK from 172.31.16.1 (xid=0x49c744e7)
May 10 20:40:14 ip-172-31-18-86 dhclient[2192]: bound to 172.31.18.86 -- renewal in 1724 seconds.
May 10 20:40:14 ip-172-31-18-86 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/06:ce:d8:0e:2a:ec/local-ipv4s
May 10 20:40:15 ip-172-31-18-86 ec2net: [rewrite_aliases] Rewriting aliases of eth0
May 10 20:47:48 ip-172-31-18-86 sshd[7841]: rexec line 52: Deprecated option RSAAuthentication
May 10 20:57:26 ip-172-31-18-86 sshd[7844]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:00:22 ip-172-31-18-86 sshd[7846]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:00:36 ip-172-31-18-86 sshd[7848]: rexec line 52: Deprecated option RSAAuthentication
May 10 21:07:03 ip-172-31-18-86 sshd[7862]: rexec line 52: Deprecated option RSAAuthentication
May 10 23:36:35 ip-172-31-18-86 kernel: imklog 5.8.10, log source = /proc/kmsg started.
May 10 23:36:35 ip-172-31-18-86 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2261" x-info="http://www.rsyslog.com"] start

于是,我先手动把 DHCP eth0 的相关进程干掉,下一步在再看看会不会在还出现问题:

/bin/kill `cat /var/run/dhclient-eth0.pid`

Deprecated option RSAAuthentication

同样的,还有一个问题是:

May 11 23:31:01 ip-172-31-18-86 sshd[5653]: rexec line 52: Deprecated option RSAAuthentication
May 11 23:37:04 ip-172-31-18-86 sshd[5661]: rexec line 52: Deprecated option RSAAuthentication
May 11 23:57:38 ip-172-31-18-86 sshd[5675]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:31:49 ip-172-31-18-86 sshd[5705]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:35:33 ip-172-31-18-86 sshd[5708]: rexec line 52: Deprecated option RSAAuthentication
May 12 00:36:00 ip-172-31-18-86 sshd[5710]: rexec line 52: Deprecated option RSAAuthentication

于是,便顺手解决一下这个问题吧。先备份一下旧的配置:

cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config-backup

然后,注释掉 sshd_config
文件中的 RSAAuthentication

RSAAuthentication yes

参考:

  1. https://qiita.com/smallpalace/items/65819405fa421bfc386e
  2. https://raspberrypi.stackexchange.com/questions/3332/alter-dhclient-to-retry-fetching-ip-address/10184
  3. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=266175
Phodal全栈工程师

责编内容by:Phodal全栈工程师阅读原文】。感谢您的支持!

您可能感兴趣的

25个常用的Linux iptables规则 一些常用的 Linux iptables 规则,请根据自己的具体需要再修改。 # 1. 删除所有现有规则 iptables -F # 2. 设置默认的 chain 策略 iptables -P INPUT DROP iptables -P FORWARD DROP...
Mirai leveraging Aboriginal Linux to target multip... TheMirai botnet hasn't gone away, you don't hear about it much, but the code has been constantly updated and maintained. Recently, Symantec's Dinesh ...
Linux VXLAN VXLAN协议 VXLAN是Virtual eXtensible Local Area Network的缩写, RFC 7348 的标题“A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Netw...
On the road to pure Go X11 GUIs I write applications for personal use. For the past few years I've been mostly using the C language for the task, and trying to treat the terminal...
Linux 檔案系統管理技巧 遇到磁碟空間不足時, 我們常常需要找出罪魁禍首, 所以需要知道哪個目錄快滿了(或已經滿了). 1. 磁碟空間的百分比df -h 可以看到每個磁碟空間的百分比 2. 找出指定目錄下10大檔案 (這樣我們才知道要從何刪起)du ...