在处理服务器恶意入侵程序后,发现SSH远程登录异常卡顿,且日志存在报错:
[root@localhost ~]# tail -n 30 /var/log/messages
Nov 21 11:18:58 localhost dbus[10146]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus-org.freedesktop.login1.service'
Nov 21 11:19:01 localhost kernel: device enp1s0f0 left promiscuous mode
Nov 21 11:19:23 localhost dbus[10146]: [system] Failed to activate service 'org.freedesktop.login1': timed out
Nov 21 11:19:23 localhost kernel: device enp1s0f0 entered promiscuous mode
Nov 21 11:19:23 localhost dbus[10146]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus-org.freedesktop.login1.service'
Nov 21 11:19:44 localhost kernel: device enp1s0f0 left promiscuous mode
Nov 21 11:19:48 localhost dbus[10146]: [system] Failed to activate service 'org.freedesktop.login1': timed out
Nov 21 11:19:48 localhost kernel: device enp1s0f0 entered promiscuous mode
Nov 21 11:19:48 localhost dbus[10146]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
····
通过日志可以看出是由于dbus服务超时导致的报错。
问题排查
查看对应dbus-org.freedesktop.login1.service
服务报错
[root@localhost ~]# systemctl status -l dbus-org.freedesktop.login1.service
● systemd-logind.service - Login Service
Loaded: loaded (/usr/lib/systemd/system/systemd-logind.service; static; vendor preset: disabled)
Active: active (running) since 三 2022-11-16 15:43:47 CST; 4 days ago
Docs: man:systemd-logind.service(8)
man:logind.conf(5)
http://www.freedesktop.org/wiki/Software/systemd/logind
http://www.freedesktop.org/wiki/Software/systemd/multiseat
Main PID: 10100 (systemd-logind)
Status: "Processing requests..."
Tasks: 1
CGroup: /system.slice/systemd-logind.service
└─10100 /usr/lib/systemd/systemd-logind
11月 16 15:43:47 localhost.localdomain systemd[1]: Started Login Service.
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: New seat seat0.
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: Watching system buttons on /dev/input/event1 (Power Button)
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: Watching system buttons on /dev/input/event0 (Power Button)
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: New session c1 of user gdm.
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: New session 72972 of user root.
11月 16 15:43:47 localhost.localdomain systemd-logind[10100]: Failed to abandon session scope: Transport endpoint is not connected
11月 16 15:45:26 localhost.localdomain systemd-logind[10100]: Failed to abandon session scope: Transport endpoint is not connected
解决办法
根据官方提供的Bug 1623651信息,确认systemd-logind服务进入中断状态。通过 SSH(或可能是其他调用 logind 的服务)的新连接需要 25 秒才能完成。
[root@localhost ~]# systemctl restart systemd-logind
参考文档:https://bugzilla.redhat.com/show_bug.cgi?id=1623651
文章来源于互联网:SSH远程登录出现卡顿问题解决