Unknown users in /home/gke in Google Compute Engine

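On my Google Cloud instances, new system users are being created, in the format: /home/gke-xxxxxxxxxx

These users appear on Linux instances based on Debian and on Google Container Engine.

For example: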

root@node1:/home# ls -lh
total 24K
drwxr-xr-x 3 gke-34cf46593ebc10a5beb5 gke-34cf46593ebc10a5beb5 4.0K Sep 29 04:18 gke-34cf46593ebc10a5beb5
drwxr-xr-x 3 gke-b230f34ceeb7c905fdb6 gke-b230f34ceeb7c905fdb6 4.0K Sep 29 04:18 gke-b230f34ceeb7c905fdb6



root@node1:/etc# cat /etc/passwd | grep gke
gke-34cf46593ebc10a5beb5:x:1021:1022::/home/gke-34cf46593ebc10a5beb5:/bin/bash
gke-b230f34ceeb7c905fdb6:x:1022:1023::/home/gke-b230f34ceeb7c905fdb6:/bin/bash


root@node1:/etc# cat /etc/group | grep gke
adm:x:4:gke-34cf46593ebc10a5beb5,gke-b230f34ceeb7c905fdb6
dip:x:30:gke-34cf46593ebc10a5beb5,gke-b230f34ceeb7c905fdb6
video:x:44:gke-34cf46593ebc10a5beb5,gke-b230f34ceeb7c905fdb6
plugdev:x:46:gke-34cf46593ebc10a5beb5,gke-b230f34ceeb7c905fdb6
google-sudoers:x:1000:gke-34cf46593ebc10a5beb5,gke-b230f34ceeb7c905fdb6
gke-34cf46593ebc10a5beb5:x:1022:
gke-b230f34ceeb7c905fdb6:x:1023:

This is a piece of the log: /var/log/auth.log

Sep 29 04:18:57 node1 useradd[11226]: new group: name=gke-34cf46593ebc10a5beb5, GID=1022
Sep 29 04:18:57 node1 useradd[11226]: new user: name=gke-34cf46593ebc10a5beb5, UID=1021, GID=1022, home=/home/gke-34cf46593ebc10a5beb5, shell=/bin/bash
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'adm'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'dip'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'video'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'plugdev'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'google-sudoers'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'adm'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'dip'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'video'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'plugdev'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'google-sudoers'
Sep 29 04:18:57 node1 useradd[11236]: new group: name=gke-b230f34ceeb7c905fdb6, GID=1023
Sep 29 04:18:57 node1 useradd[11236]: new user: name=gke-b230f34ceeb7c905fdb6, UID=1022, GID=1023, home=/home/gke-b230f34ceeb7c905fdb6, shell=/bin/bash
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'adm'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'dip'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'video'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'plugdev'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'google-sudoers'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to shadow group 'adm'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to shadow group 'dip'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to shadow group 'video'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to shadow group 'plugdev'
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to shadow group 'google-sudoers'

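I suspect this is something internal to Google Cloud. The firewall does not allow SSH connections from IPs other than the ones I have authorized. What is the reason these users appear?

Thanks, everyone.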

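When you create a GKE cluster in your project, it also adds SSH keys associated with it to the project metadata. These SSH keys can be displayed by going to Google Cloud Console -> Compute Engine -> Metadata -> SSH keys.

Project-wide SSH keys, like the ones created during the deployment of GKE clusters, are transferred to all the instances in your project unless the instance is defined to work with specific keys. These keys are copied into the home directory of each user on every VM (/home/user/.ssh). When you delete the GKE deployment, the SSH keys are removed from the metadata. Keys removed from the metadata are also removed from /home/user/.ssh/authorized_keys. Nevertheless, the users' home directories are not deleted on the VM.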
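
As an added example (not part of the original question or answer), the script below reconciles the account-creation lines from /var/log/auth.log with the usernames in the project's SSH key metadata. It reports which logged accounts still have a key in metadata and which are leftovers, and whether each was added to google-sudoers. It assumes the metadata value holds one "USERNAME:KEY_TYPE KEY COMMENT" entry per line; the function names, sample metadata and key material are constructed for illustration.

```python
import re

# Patterns match the useradd/usermod lines shown in the auth.log excerpt above.
NEW_USER = re.compile(r"useradd\[\d+\]: new user: name=([^,]+), UID=(\d+)")
ADD_GROUP = re.compile(r"usermod\[\d+\]: add '([^']+)' to group '([^']+)'")

def parse_account_events(log_text):
    """Return {user: {"uid": int | None, "groups": set}} for accounts seen in the log."""
    accounts = {}
    for line in log_text.splitlines():
        if m := NEW_USER.search(line):
            accounts[m.group(1)] = {"uid": int(m.group(2)), "groups": set()}
        elif m := ADD_GROUP.search(line):
            # setdefault: a usermod line may survive log rotation without its useradd line
            entry = accounts.setdefault(m.group(1), {"uid": None, "groups": set()})
            entry["groups"].add(m.group(2))
    return accounts

def metadata_users(ssh_keys_value):
    """Usernames in an SSH key metadata value (assumed 'USER:KEY_TYPE KEY COMMENT' per line)."""
    return {ln.split(":", 1)[0].strip() for ln in ssh_keys_value.splitlines() if ":" in ln}

def audit(log_text, ssh_keys_value, sudo_group="google-sudoers"):
    """List (user, uid, status, in_sudo_group) for every account created in the log."""
    keyed = metadata_users(ssh_keys_value)
    report = []
    for user, info in sorted(parse_account_events(log_text).items()):
        status = "key-in-metadata" if user in keyed else "orphaned"
        report.append((user, info["uid"], status, sudo_group in info["groups"]))
    return report

# Constructed sample: lines in the format of the excerpt above, plus a made-up
# metadata value in which only one of the two keys is still present.
SAMPLE_LOG = """\
Sep 29 04:18:57 node1 useradd[11226]: new user: name=gke-34cf46593ebc10a5beb5, UID=1021, GID=1022, home=/home/gke-34cf46593ebc10a5beb5, shell=/bin/bash
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to group 'google-sudoers'
Sep 29 04:18:57 node1 usermod[11231]: add 'gke-34cf46593ebc10a5beb5' to shadow group 'google-sudoers'
Sep 29 04:18:57 node1 useradd[11236]: new user: name=gke-b230f34ceeb7c905fdb6, UID=1022, GID=1023, home=/home/gke-b230f34ceeb7c905fdb6, shell=/bin/bash
Sep 29 04:18:57 node1 usermod[11241]: add 'gke-b230f34ceeb7c905fdb6' to group 'google-sudoers'
"""
SAMPLE_METADATA = "gke-34cf46593ebc10a5beb5:ssh-rsa AAAAEXAMPLEKEY gke-34cf46593ebc10a5beb5\n"

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, SAMPLE_METADATA):
        print(row)
```

An account reported as "orphaned" is one whose key is no longer in metadata, which matches the leftover home directories described in the answer; an account that is in neither the metadata nor a known deployment is the one worth investigating.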