- 论坛徽章:
- 0
|
看了下远程服务器的auth.log日志,发现了这样的问题。
直接执行./mysql_backup.sh,日志中是这样的:
May 18 23:25:26 ok988com sshd[1616]: pam_sm_authenticate: username = [ok988]
May 18 23:25:26 ok988com sshd[1620]: Passphrase file wrapped
May 18 23:25:27 ok988com sshd[1616]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 18 23:25:27 ok988com sshd[1616]: pam_unix(sshd:session): session closed for user ok988
May 18 23:25:34 ok988com sshd[1767]: pam_sm_authenticate: Called
May 18 23:25:34 ok988com sshd[1767]: pam_sm_authenticate: username = [ok988]
May 18 23:25:34 ok988com sshd[1769]: Passphrase file wrapped
May 18 23:25:35 ok988com sshd[1767]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 18 23:25:35 ok988com sshd[1767]: pam_unix(sshd:session): session closed for user ok988
May 18 23:25:41 ok988com sshd[1852]: pam_sm_authenticate: Called
May 18 23:25:41 ok988com sshd[1852]: pam_sm_authenticate: username = [ok988]
May 18 23:25:41 ok988com sshd[1871]: Passphrase file wrapped
May 18 23:25:42 ok988com sshd[1852]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 18 23:25:42 ok988com sshd[1852]: pam_unix(sshd:session): session closed for user ok988
May 18 23:25:48 ok988com sshd[1954]: pam_sm_authenticate: Called
May 18 23:25:48 ok988com sshd[1954]: pam_sm_authenticate: username = [ok988]
May 18 23:25:48 ok988com sshd[1956]: Passphrase file wrapped
May 18 23:25:49 ok988com sshd[1954]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 18 23:25:49 ok988com sshd[1954]: pam_unix(sshd:session): session closed for user ok988
May 18 23:25:54 ok988com sshd[2039]: pam_sm_authenticate: Called
May 18 23:25:54 ok988com sshd[2039]: pam_sm_authenticate: username = [ok988]
……
以下省略。
可以看到sshd的进程很有规律性,scp一个文件的时候打开ssh通道,传输完毕之后关闭这个通道,然后继续打开下一个ssh通道,scp传输下一个文件
crontab执行这个脚本的时候,auth.log是这样的。
May 17 04:00:08 ok988com sshd[20868]: pam_sm_authenticate: Called
May 17 04:00:08 ok988com sshd[20868]: pam_sm_authenticate: username = [ok988]
May 17 04:00:08 ok988com sshd[20884]: Passphrase file wrapped
May 17 04:00:09 ok988com sshd[20868]: Accepted password for ok988 from 擦掉IP port 48714 ssh2
May 17 04:00:09 ok988com sshd[20868]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 17 04:00:09 ok988com sshd[20963]: Received disconnect from 擦掉IP: 11: disconnected by user
May 17 04:00:09 ok988com sshd[20868]: pam_unix(sshd:session): session closed for user ok988
May 17 04:00:15 ok988com sshd[20968]: pam_sm_authenticate: Called
May 17 04:00:15 ok988com sshd[20968]: pam_sm_authenticate: username = [ok988]
May 17 04:00:15 ok988com sshd[20970]: Passphrase file wrapped
May 17 04:00:16 ok988com sshd[20968]: Accepted password for ok988 from 擦掉IP port 48718 ssh2
May 17 04:00:16 ok988com sshd[20968]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 17 04:00:16 ok988com sshd[21049]: Received disconnect from 擦掉IP: 11: disconnected by user
May 17 04:00:16 ok988com sshd[20968]: pam_unix(sshd:session): session closed for user ok988
May 17 04:00:24 ok988com sshd[21061]: pam_sm_authenticate: Called
May 17 04:00:24 ok988com sshd[21061]: pam_sm_authenticate: username = [ok988]
May 17 04:00:24 ok988com sshd[21063]: Passphrase file wrapped
May 17 04:00:25 ok988com sshd[21061]: Accepted password for ok988 from 擦掉IP port 48720 ssh2
May 17 04:00:25 ok988com sshd[21061]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 17 04:00:25 ok988com sshd[21142]: Received disconnect from 擦掉IP: 11: disconnected by user
May 17 04:00:25 ok988com sshd[21061]: pam_unix(sshd:session): session closed for user ok988
May 17 04:00:31 ok988com sshd[21147]: pam_sm_authenticate: Called
May 17 04:00:31 ok988com sshd[21147]: pam_sm_authenticate: username = [ok988]
May 17 04:00:31 ok988com sshd[21149]: Passphrase file wrapped
May 17 04:00:32 ok988com sshd[21147]: Accepted password for ok988 from 擦掉IP port 48726 ssh2
May 17 04:00:32 ok988com sshd[21147]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 17 04:00:32 ok988com sshd[21228]: Received disconnect from 擦掉IP: 11: disconnected by user
May 17 04:00:32 ok988com sshd[21147]: pam_unix(sshd:session): session closed for user ok988
May 17 04:00:38 ok988com sshd[21233]: pam_sm_authenticate: Called
May 17 04:00:38 ok988com sshd[21233]: pam_sm_authenticate: username = [ok988]
May 17 04:00:38 ok988com sshd[21235]: Passphrase file wrapped
May 17 04:00:39 ok988com sshd[21233]: Accepted password for ok988 from 擦掉IP port 48727 ssh2
May 17 04:00:39 ok988com sshd[21233]: pam_unix(sshd:session): session opened for user ok988 by (uid=0)
May 17 04:00:39 ok988com sshd[21313]: Received disconnect from 擦掉IP: 11: disconnected by user
May 17 04:00:39 ok988com sshd[21233]: pam_unix(sshd:session): session closed for user ok988
May 17 04:00:44 ok988com sshd[21318]: pam_sm_authenticate: Called
May 17 04:00:44 ok988com sshd[21318]: pam_sm_authenticate: username = [ok988]
May 17 04:00:44 ok988com sshd[21320]: Passphrase file wrapped
依然很有规律,但是确实只有9个sshd。后来不知道怎么就想到了多线程的问题,shell中实现多线程的方式是后台执行,隐隐约约记得好像crontab就是后台执行的,再一翻man手册,man sshd_config,发现有一个MaxStartup参数,定义了最大允许的远程ssh的数量,默认是10,刚好9个文件传输通道加上1个ssh登录认证通道,这不就刚好是10个么?
然后果断选择后台执行脚本./mysql_backup.sh,果然重现了这个问题,看来后台执行真的跟前台执行有很大的不同,后台执行的时候scp并没有把自己的ssh通道关闭(但是为什么会看到Received disconnect from 擦掉IP: 11: disconnected by user?百思不得其解),导致ssh通道占满了默认的10个,后面就再也没有ssh认证信息了,全部被拒绝了。 |
|