gene_x 0 like s 27 view s
Tags:
Since your website is still running correctly, it indicates that your server (IP: 85.90.244.31) is operational, and the issue is likely isolated to the SSH service (sshd) and/or the authentication system, which is preventing logins via SSH (kex_exchange_identification: read: Connection reset by peer) and Weblish (Login incorrect). The libcrypt.so.1 and libc6 errors from your Debian Buster-to-Bullseye upgrade attempt are likely causing these authentication issues. Booting into Linode’s Rescue Mode is a safe and standard recovery method, but I understand your concern about potential risks to the running server, especially since your website is still up. Below, I’ll address the risks of using Rescue Mode, provide steps to minimize disruption, and offer alternative approaches to fix the issue without immediately rebooting into Rescue Mode.
Rebooting into Rescue Mode involves temporarily shutting down your server and booting into a recovery environment (Finnix). Here are the potential risks and how to mitigate them:
1. Temporary Downtime:
- Risk: Rebooting will stop all running services (e.g., your website, hosted on Apache/Nginx), causing temporary downtime (typically a few minutes).
- Mitigation: Schedule the reboot during a low-traffic period and notify users if possible. Since your website is running, the downtime should be brief, and services should restart automatically unless the system is severely broken.
2. Failure to Reboot Normally:
- Risk: If the libc6 or libcrypt.so.1 issues have corrupted critical system components, the server might not boot properly after exiting Rescue Mode.
- Mitigation: Before rebooting, ensure you have a recent Linode backup (check the “Backups” tab in the Linode dashboard). Linode’s backups allow you to restore the server to a working state if the reboot fails. Also, follow the steps below to make minimal changes in Rescue Mode.
3. Data Loss:
- Risk: Incorrect commands in Rescue Mode (e.g., deleting critical files) could cause data loss.
- Mitigation: Only run targeted commands (provided below) and avoid destructive actions like formatting disks. Back up critical files (e.g., /etc/ssh/sshd_config, /etc/passwd) before making changes.
4. Website Configuration Issues:
- Risk: If your website depends on specific configurations or services, changes in Rescue Mode might affect them.
- Mitigation: Focus on fixing only the authentication and SSH issues (libc6, libcrypt1, sshd) without altering web server configurations (e.g., Apache/Nginx configs in /etc/nginx or /etc/apache2).
Given that your website is running, the server’s core functionality is intact, and the issue is likely specific to sshd and authentication libraries. Rescue Mode is still the safest way to fix this, as you can’t log in via Weblish or SSH, but I’ll also explore alternatives to avoid rebooting immediately.
To minimize risks and restore SSH/Weblish access:
1. Check for Backups:
- In the Linode dashboard, go to the “Backups” tab and confirm you have a recent backup. If not, enable automatic backups or create a manual snapshot before proceeding.
2. Notify Users (Optional):
- If your website has users, consider posting a maintenance notice for a brief downtime window (5-10 minutes).
3. Boot into Rescue Mode:
- Log into cloud.linode.com, select your server, and go to the “Rescue” tab.
- Click “Reboot into Rescue Mode”. This will shut down the server (stopping your website temporarily) and boot into Finnix.
4. Open Weblish Console:
- Once rebooted, open Weblish from the “Console” tab. You should see a Finnix prompt (root@finnix:~#).
5. Mount the Filesystem:
- List disks:
```bash
lsblk
Identify your root partition (e.g., /dev/sda1).
Mount it: bashmount /dev/sda1 /mnt mount --bind /dev /mnt/dev mount --bind /proc /mnt/proc mount --bind /sys /mnt/sys If you have a separate /boot partition (e.g., /dev/sda2), mount it: bashmount /dev/sda2 /mnt/boot
Chroot into the Filesystem: bashchroot /mnt
Fix Authentication Issues:
Reset Root Password (to fix “Login incorrect”): bashpasswd Enter a new password. Fix libcrypt.so.1: bashwget http://deb.debian.org/debian/pool/main/libx/libxcrypt/libcrypt1_4.4.18-4_amd64.deb dpkg -i libcrypt1_4.4.18-4_amd64.deb
Fix libc6: bashwget http://deb.debian.org/debian/pool/main/g/glibc/libc6_2.31-13+deb11u10_amd64.deb dpkg -i libc6_2.31-13+deb11u10_amd64.deb
Repair Packages: bashdpkg --configure -a apt update apt install -f
Reinstall openssh-server: bashapt install --reinstall openssh-server
Verify SSH Configuration:
Check /etc/ssh/sshd_config: bashgrep PermitRootLogin /etc/ssh/sshd_config Ensure it’s set to: bashPermitRootLogin yes Edit with nano if needed. Test sshd: bash/usr/sbin/sshd -t
Exit and Reboot:
Exit chroot: bashexit
Unmount filesystems: bashumount /mnt/dev /mnt/proc /mnt/sys /mnt/boot /mnt Omit /mnt/boot if not mounted. In the Linode dashboard, reboot into normal mode.
Test Access:
Try Weblish with root and the new password. Test SSH: bashssh -v root@85.90.244.31
Check your website to ensure it’s back online.
Alternatives to Avoid Rebooting Immediately Since your website is running and you’re hesitant to reboot, here are alternative approaches to explore first:
Check Linode Support Ticket:
Since you’ve already opened a support ticket, check for updates. Linode support can often access your server or provide insights without requiring a reboot. Share that your website is still running to prioritize non-disruptive solutions.
Use Linode’s Lish via SSH:
Instead of Weblish, try accessing Lish via SSH from your local machine:
bashssh -t
Inspect Running Services Remotely:
Since your website is running, check if you can access any alternative management interface (e.g., a web-based control panel like cPanel or a custom API). If you have a monitoring tool or secondary service (e.g., FTP), use it to gather more information about the server’s state.
Wait for Linode Support:
If downtime is a major concern, wait for Linode support to respond. They may be able to fix the issue without a reboot by accessing the server’s console directly or mounting the disk in a recovery environment.
Minimizing Risks
Backup First: Confirm you have a Linode backup or snapshot in the dashboard. This ensures you can restore the server if anything goes wrong. Test Website Post-Reboot: After fixing in Rescue Mode, check your website immediately to ensure the web server (e.g., Apache/Nginx) restarts correctly: bashsystemctl status apache2 # or nginx systemctl restart apache2 # or nginx
Targeted Fixes: Only modify authentication and SSH-related components (libc6, libcrypt1, sshd) to avoid affecting the web server. Monitor Logs: After regaining access, check /var/log/auth.log for SSH errors and /var/log/syslog for system issues: bashtail -f /var/log/auth.log tail -f /var/log/syslog
Why Rescue Mode Is Likely Necessary The libcrypt.so.1 and libc6 errors suggest a broken authentication system, which is why both SSH and Weblish logins are failing. Since your website is running, the web server process (likely not dependent on the broken libraries) is unaffected, but sshd and PAM (authentication) rely on libc6 and libcrypt1. Rescue Mode is the most reliable way to fix these without requiring normal login access. The downtime should be minimal (a few minutes), and with a backup, the risk of permanent issues is low. Next Steps
Confirm Backup: Check the “Backups” tab in Linode’s dashboard. Try Lish via SSH: Attempt the Lish SSH command above to see if you can log in without rebooting. Proceed with Rescue Mode: If Lish fails, schedule a brief maintenance window and follow the Rescue Mode steps. Update Support Ticket: Inform Linode that your website is running but SSH/Weblish are inaccessible. Share any new errors from Lish or Rescue Mode attempts.
If you try Rescue Mode or Lish and encounter specific errors (e.g., mount failures, apt errors), share the output, and I can provide precise guidance. Alternatively, if you prefer to wait for Linode support, let me know, and I can help craft a follow-up message to emphasize urgency while noting the website is still operational. Let me know how you’d like to proceed!
点赞本文的读者
还没有人对此文章表态
没有评论
Sorry, 没有相似文章
© 2023 XGenes.com Impressum