Redis 写入 .ssh/authorized_keys [英] Redis writing to .ssh/authorized_keys

问题描述

当前设置，2 个主服务器，12 个工作服务器:worker 通过 ssh-copy-id 连接到 master，masters 和 worker 正在将数据写入 masters 的 redis-queues 中.过去一周我一直面临的问题是 redis 正在向 authorized_keys 文件中写入数据，我无法重现此问题或确认哪个服务器正在执行此操作.我查看了 redis 配置文件，但没有找到任何可以使 redis 写入authorized_keys 文件的设置.有没有其他人遇到过这个问题或类似的问题，我清除了授权密钥文件，然后再次写入.

current setup, 2 master servers, 12 worker servers: workers are connected to master through ssh-copy-id, masters and workers are writing data in redis-queues on masters. issue i have been facing for past week is that redis is writing data in the authorized_keys file, i cant reproduce this issue or confirm which server is doing this. I looked into the redis config file and i didn't find any setting that would make redis write in authorized_keys file. Has anyone else faced this issue or similar, i clear the authorized keys file and it writes into it again.

推荐答案

您的服务器很可能正在/已经受到黑客"的攻击.虽然攻击可能已经结束，但您应该将您的服务器视为受到威胁并采取相应措施.这很可能与 Redis 的作者和安全研究员 Salvatore Sanfilippo aka antirez 描述的方法相同，在 this博文.

Your servers are most probably being/have been attacked by a "cracker". While it is possible that attack is over, you should treat your servers as compromised and act accordingly. This is in all likelihood the same approach described by Salvatore Sanfilippo a.k.a antirez, Redis' author and security researcher in his past, in this blog post.

为了防止这种以Redis为载体的攻击，请参考中的说明在 Quicktart 页面中保护 Redis 作为起点，在安全性页面了解更多信息.

To prevent this type of attacks which use Redis as a vector, please refer to the instructions in the Securing Redis in the Quicktart page as a starting point and the Security page for more information.

更多讨论在 /r/redis

更新:在 https://redislabs.com 上有更多关于同一主题的漫谈/blog/3-critical-points-about-security

这篇关于Redis 写入 .ssh/authorized_keys的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！