2026-05-21
linux后门排查
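#!/bin/bash
# Linux backdoor triage script (file version).
# Usage: chmod +x check.sh && sudo ./check.sh
#
# Read-only host triage that prints a colour-coded report:
#   - CPU idle ratio sampled from /proc/stat (miners show as sustained load)
#   - process command lines matching miner / download-and-execute keywords
#   - established TCP peers and listening ports checked against a whitelist
#   - processes whose binary lives under /tmp, /var/tmp, /dev/shm, a "..."
#     path component, or has been deleted from disk
#   - cron entries (all users, /etc/crontab, /etc/cron.d) containing the
#     suspicious keywords
#   - non-empty authorized_keys files for every account, /etc/ld.so.preload
#   - source IPs of recent logins checked against the whitelist, and the
#     number of "Failed password" lines in the SSH auth log
#
# The report is a hint for manual review, not a verdict: a kernel rootkit
# can hide processes and sockets from ps/ss/lsof, and wtmp (read by `last`)
# and the auth logs can be edited by an intruder. A green report means
# "nothing obvious", not "clean".
#
# Environment overrides (all optional):
#   EXTRA_WHITELIST_IPS    extra IP prefixes, space separated
#   EXTRA_WHITELIST_PORTS  extra listening ports, space separated
#   LAST_LOGINS            number of `last` entries to inspect (default 20)
#   SSH_FAIL_THRESHOLD     failed-password count that raises a WARN (default 100)
#
# Exit status: 2 if any ERROR finding, 1 if only WARN findings, 0 otherwise.
# Run as root for complete results (other users' crontabs, /proc/*/exe and
# socket owners are not readable otherwise).

# Whitelists are PREFIX matches: "10." covers the whole 10/8 block, an exact
# host must be listed in full (e.g. "120.27.157.31").
WHITELIST_IPS=( "127.0.0.1" "::1" "192.168." "10." "172.16." "172.17." "172.18." "172.19." "172.20." "172.21." "172.22." "172.23." "172.24." "172.25." "172.26." "172.27." "172.28." "172.29." "172.30." "172.31." "120.27.157.31" )
WHITELIST_PORTS=( "22" "80" "443" "3306" "5432" "6379" "27017" "8080" "8443" "8888" "29000" "29400" "29401" "29200" "29702" "34816" "888" "29301" "29712" )
# Keywords are joined with "|" into an ERE; they contain no regex metacharacters.
SUSPECT_KEYWORDS=("curl" "wget" "nc " "bash -i" "perl -e" "python -c" "ruby -e" "php -r" "base64 -d" "/dev/tcp" "/dev/udp")
MINER_KEYWORDS=("minerd" "xmrig" "cpuminer" "cryptonight" "stratum" "kdevtmpfsi" "kinsing")

# Extend the compiled-in lists from the environment so the script itself does
# not have to be edited per host.
# shellcheck disable=SC2206  # word splitting of the env value is intended
WHITELIST_IPS+=( ${EXTRA_WHITELIST_IPS:-} )
# shellcheck disable=SC2206
WHITELIST_PORTS+=( ${EXTRA_WHITELIST_PORTS:-} )
LAST_LOGINS=${LAST_LOGINS:-20}
SSH_FAIL_THRESHOLD=${SSH_FAIL_THRESHOLD:-100}

# Findings collected for the final summary.
errors=()
warnings=()

log_info()  { printf '\033[32m[INFO]\033[0m %s\n' "$*"; }
log_warn()  { printf '\033[33m[WARN]\033[0m %s\n' "$*"; }
log_error() { printf '\033[31m[ERROR]\033[0m %s\n' "$*"; }
section()   { printf '\n--- %s ---\n' "$1"; }

# add_error / add_warn LOGLINE SUMMARY: print the log line and remember the
# short summary text for the conclusion block.
add_error() { log_error "$1"; errors+=("$2"); }
add_warn()  { log_warn "$1"; warnings+=("$2"); }

#######################################
# Join arguments with "|" into one ERE alternation.
# Arguments: keywords
# Outputs:   the pattern on stdout (no trailing newline)
#######################################
join_regex() {
  local IFS='|'
  printf '%s' "$*"
}

#######################################
# Returns 0 if the IP starts with any whitelisted prefix.
# Arguments: $1 - IP address (IPv4 or IPv6 text form)
#######################################
is_ip_whitelisted() {
  local ip=$1 w
  for w in "${WHITELIST_IPS[@]}"; do
    [[ "$ip" == "$w"* ]] && return 0
  done
  return 1
}

#######################################
# Returns 0 if the port is listed exactly in WHITELIST_PORTS.
# Arguments: $1 - port number
#######################################
is_port_whitelisted() {
  local port=$1 p
  for p in "${WHITELIST_PORTS[@]}"; do
    [[ "$port" == "$p" ]] && return 0
  done
  return 1
}

#######################################
# Strip the ":port" suffix and IPv6 brackets from an "addr:port" token as
# printed by ss/lsof ("1.2.3.4:443", "[2001:db8::1]:443", "*:22").
# Arguments: $1 - token
# Outputs:   the bare address on stdout
#######################################
addr_without_port() {
  local a=${1%:*}
  a=${a#\[}
  a=${a%\]}
  printf '%s\n' "$a"
}

#######################################
# Integer CPU idle percentage (idle + iowait) over a one-second window,
# computed from two /proc/stat samples. top -bn1's first sample is an
# average since boot on some procps versions, so it is not used.
# Outputs:   integer 0..100 on stdout (100 if /proc/stat is unreadable)
#######################################
cpu_idle_percent() {
  local -a s1 s2
  local i t1=0 t2=0 dt
  read -r -a s1 < /proc/stat || { printf '100\n'; return; }
  sleep 1
  read -r -a s2 < /proc/stat || { printf '100\n'; return; }
  # fields 1..8: user nice system idle iowait irq softirq steal
  for ((i = 1; i <= 8 && i < ${#s1[@]}; i++)); do
    t1=$(( t1 + s1[i] ))
    t2=$(( t2 + s2[i] ))
  done
  dt=$(( t2 - t1 ))
  (( dt > 0 )) || { printf '100\n'; return; }
  printf '%d\n' $(( ( (s2[4] + s2[5]) - (s1[4] + s1[5]) ) * 100 / dt ))
}

#######################################
# Print "pid command line" for every process whose full command line
# matches the ERE $1. pgrep never lists itself, which avoids the classic
# "grep -v grep" hole where a process whose own command line mentions
# "grep" would be filtered out of the results.
#######################################
match_procs() {
  if command -v pgrep >/dev/null 2>&1; then
    pgrep -af -- "$1" 2>/dev/null
  else
    ps -eo pid=,args= 2>/dev/null | grep -E -- "$1" | grep -vF -- "grep -E -- $1"
  fi
}

#######################################
# One "peer:port" token per line for ESTABLISHED TCP sockets, via ss
# (iproute2) or lsof as a fallback; empty if neither tool is available.
#######################################
list_established_peers() {
  if command -v ss >/dev/null 2>&1; then
    # with a state filter ss drops the State column, so the peer is field 4
    ss -tn state established 2>/dev/null | awk 'NR > 1 { print $4 }'
  elif command -v lsof >/dev/null 2>&1; then
    # lsof ends the line with "(ESTABLISHED)"; the src->dst pair is one field earlier
    lsof -nP -iTCP -sTCP:ESTABLISHED 2>/dev/null \
      | awk 'NR > 1 { split($(NF-1), a, "->"); print a[2] }'
  fi
}

#######################################
# One "addr:port" token per line for TCP listening sockets.
#######################################
list_listen_sockets() {
  if command -v ss >/dev/null 2>&1; then
    ss -tln 2>/dev/null | awk 'NR > 1 { print $4 }'
  elif command -v netstat >/dev/null 2>&1; then
    netstat -tln 2>/dev/null | awk '/LISTEN/ { print $4 }'
  fi
}

check_cpu() {
  local idle
  idle=$(cpu_idle_percent)
  if (( idle < 70 )); then
    add_warn "CPU 空闲率仅 ${idle}%" "CPU过高"
  else
    log_info "CPU 空闲率 ${idle}%"
  fi
}

check_processes() {
  local hits
  hits=$(match_procs "$(join_regex "${MINER_KEYWORDS[@]}")")
  if [[ -n "$hits" ]]; then
    add_error "发现疑似挖矿进程" "挖矿进程"
    printf '%s\n' "$hits"
  else
    log_info "无挖矿进程"
  fi
  # Download-and-execute / reverse-shell style command lines. Legitimate
  # admin jobs (curl, wget) will also match, hence WARN rather than ERROR.
  hits=$(match_procs "$(join_regex "${SUSPECT_KEYWORDS[@]}")")
  if [[ -n "$hits" ]]; then
    add_warn "发现可疑命令行" "可疑进程命令"
    printf '%s\n' "$hits"
  else
    log_info "无可疑进程命令"
  fi
}

check_connections() {
  section "外部连接"
  local tok ip bad=0 seen=0
  if ! command -v ss >/dev/null 2>&1 && ! command -v lsof >/dev/null 2>&1; then
    add_warn "ss/lsof 均不可用,无法检查外部连接" "无法检查外部连接"
    return
  fi
  while IFS= read -r tok; do
    [[ -n "$tok" ]] || continue
    ip=$(addr_without_port "$tok")
    ip=${ip#::ffff:}   # IPv4-mapped IPv6 form as printed for dual-stack sockets
    case "$ip" in
      127.*|::1) continue ;;   # loopback is not an external peer
    esac
    seen=1
    if is_ip_whitelisted "$ip"; then
      log_info "白名单连接: $tok"
    else
      add_error "非白名单连接: $tok" "外部连接 $tok"
      bad=1
    fi
  done <<< "$(list_established_peers)"
  if (( seen == 0 )); then
    log_info "无外部 ESTABLISHED 连接"
  elif (( bad == 0 )); then
    log_info "所有外部连接均在白名单内"
  fi
}

check_listen_ports() {
  section "监听端口"
  local sock addr port bad=0 seen=0
  local -A seen_port=()
  while IFS= read -r sock; do
    [[ -n "$sock" ]] || continue
    addr=$(addr_without_port "$sock")
    case "$addr" in
      127.*|::1) continue ;;   # loopback-only listeners are not reachable remotely
    esac
    port=${sock##*:}
    [[ -n "$port" && -z "${seen_port[$port]}" ]] || continue
    seen_port[$port]=1
    seen=1
    if ! is_port_whitelisted "$port"; then
      add_warn "非常规监听端口: $port" "监听端口$port"
      bad=1
    fi
  done <<< "$(list_listen_sockets)"
  if (( seen == 0 )); then
    log_info "无监听端口(或全部过滤)"
  elif (( bad == 0 )); then
    log_info "所有监听端口均在白名单内"
  fi
}

check_process_paths() {
  section "可疑进程路径"
  local p pid exe cmd found=0
  for p in /proc/[0-9]*; do
    pid=${p#/proc/}
    # readlink fails for kernel threads, exited processes and (without root)
    # other users' processes; all of those are skipped.
    exe=$(readlink "$p/exe" 2>/dev/null) || continue
    [[ -n "$exe" ]] || continue
    # "(deleted)" also shows up for daemons still running after a package
    # upgrade, so it needs a human look rather than an automatic kill.
    case "$exe" in
      /tmp/*|/var/tmp/*|/dev/shm/*|*"/..."*|*" (deleted)")
        cmd=$(tr '\0' ' ' < "$p/cmdline" 2>/dev/null)
        (( found )) || add_error "发现可疑进程路径" "可疑路径"
        found=1
        printf 'PID:%s EXE:%s CMD:%s\n' "$pid" "$exe" "$cmd"
        ;;
    esac
  done
  (( found )) || log_info "所有进程路径正常"
}

check_cron() {
  section "计划任务"
  local re text="" user
  re=$(join_regex "${SUSPECT_KEYWORDS[@]}")
  # Per-user crontabs (other users' need root), then the system tables.
  # Each source is newline-terminated so entries cannot run together.
  while IFS=: read -r user _; do
    text+=$(crontab -u "$user" -l 2>/dev/null </dev/null)$'\n'
  done < /etc/passwd
  text+=$(cat /etc/crontab /etc/cron.d/* 2>/dev/null)$'\n'
  text=$(grep -v '^[[:space:]]*#' <<< "$text")
  if grep -qE -- "$re" <<< "$text"; then
    add_error "计划任务中存在可疑命令" "cron可疑"
    grep -E -- "$re" <<< "$text"
  else
    log_info "计划任务无异常"
  fi
}

check_authorized_keys() {
  section "SSH authorized_keys"
  local user home f found=0
  local -A seen_home=()
  # Every account with a home directory, not only root: an intruder can
  # park a key under any user that sshd accepts.
  while IFS=: read -r user _ _ _ _ home _; do
    [[ -n "$home" && -z "${seen_home[$home]}" ]] || continue
    seen_home[$home]=1
    for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
      [[ -s "$f" ]] || continue
      found=1
      add_warn "$f 非空 ($(grep -c . "$f") 行),请人工确认" "authorized_keys非空 ($user)"
      cat "$f"
    done
  done < /etc/passwd
  (( found )) || log_info "无 SSH authorized_keys 后门"
}

check_ld_preload() {
  section "LD_PRELOAD"
  # A non-empty /etc/ld.so.preload is injected into every dynamically linked
  # process; legitimate uses on a server are rare.
  if [[ -s /etc/ld.so.preload ]]; then
    add_error "ld.so.preload 存在" "ld.so.preload"
    cat /etc/ld.so.preload
  else
    log_info "ld.so.preload 正常"
  fi
}

check_logins() {
  section "登录记录"
  local line ip bad=0 seen=0
  local re='([0-9]{1,3}\.){3}[0-9]{1,3}'
  local -A seen_ip=()
  if ! command -v last >/dev/null 2>&1; then
    add_warn "last 不可用,无法检查登录记录" "无法检查登录记录"
    return
  fi
  # Sessions that are still logged in are included on purpose: a live
  # non-whitelisted session is the most urgent finding. Only IPv4 sources
  # are extracted; wtmp itself can be truncated by an intruder.
  while IFS= read -r line; do
    [[ "$line" =~ $re ]] || continue
    ip=${BASH_REMATCH[0]}
    [[ -z "${seen_ip[$ip]}" ]] || continue
    seen_ip[$ip]=1
    seen=1
    if ! is_ip_whitelisted "$ip"; then
      add_error "非白名单IP登录: $ip" "登录IP $ip"
      bad=1
    fi
  done < <(last -n "$LAST_LOGINS" 2>/dev/null)
  if (( seen == 0 )); then
    log_info "最近 $LAST_LOGINS 条登录记录中无远程IP"
  elif (( bad == 0 )); then
    # A per-section flag is used here; the old check looked at the global
    # error list and went silent whenever an earlier section had failed.
    log_info "所有登录IP均在白名单内"
  fi
}

check_ssh_bruteforce() {
  section "SSH 暴力破解迹象"
  local n
  # Count covers the whole current log file (journal fallback: all boots).
  if [[ -f /var/log/secure ]]; then
    n=$(grep -c "Failed password" /var/log/secure 2>/dev/null)
  elif [[ -f /var/log/auth.log ]]; then
    n=$(grep -c "Failed password" /var/log/auth.log 2>/dev/null)
  elif command -v journalctl >/dev/null 2>&1; then
    n=$(journalctl _COMM=sshd --no-pager -q 2>/dev/null | grep -c "Failed password")
  else
    n=0
  fi
  n=${n:-0}
  if (( n > SSH_FAIL_THRESHOLD )); then
    add_warn "SSH失败尝试次数较多 ($n)" "暴力破解迹象"
  else
    log_info "SSH失败尝试较少 ($n)"
  fi
}

#######################################
# Print the conclusion block.
# Returns: 2 with ERROR findings, 1 with WARN findings only, 0 otherwise
#######################################
print_summary() {
  printf '\n==================== 综合结论 ====================\n'
  if (( ${#errors[@]} > 0 )); then
    printf '\033[31m❌ 检测到明确恶意迹象!请立即处理。\033[0m\n'
    printf ' - %s\n' "${errors[@]}"
    printf '%s\n' "建议:先保留日志与样本,再封禁IP、杀进程、删文件、改密码,必要时重装系统。"
    return 2
  elif (( ${#warnings[@]} > 0 )); then
    printf '\033[33m⚠️ 发现可疑迹象,建议人工复核。\033[0m\n'
    printf ' - %s\n' "${warnings[@]}"
    return 1
  fi
  printf '\033[32m✅ 未发现明显后门迹象。系统基本安全。\033[0m\n'
  return 0
}

main() {
  printf '==================== Linux 后门自动排查报告 ====================\n'
  printf '时间: %s | 主机: %s\n\n' "$(date)" "$(hostname)"
  (( EUID == 0 )) || log_warn "未以 root 运行,crontab/进程路径等检查结果可能不完整"
  check_cpu
  check_processes
  check_connections
  check_listen_ports
  check_process_paths
  check_cron
  check_authorized_keys
  check_ld_preload
  check_logins
  check_ssh_bruteforce
  print_summary
}

main "$@"
exit $?

# ---------------------------------------------------------------------------
# Sample run kept from the original post (create check.sh in root's home
# directory, paste the script, run ./check.sh). Note that the earlier
# version never parsed the peer field of the lsof output, so its
# "所有外部连接均在白名单内" line was printed unconditionally, and an
# all-whitelisted port list printed nothing; both now print a real result.
#
#   [root@ah-ipv6 ~]# ./check.sh
#   ==================== Linux 后门自动排查报告 ====================
#   时间: 2026年 05月 21日 星期四 15:02:39 CST | 主机: ah-ipv6
#   [INFO] CPU 空闲率 96%
#   [INFO] 无挖矿进程
#   [INFO] 无可疑进程命令
#   --- 外部连接 ---
#   [INFO] 所有外部连接均在白名单内
#   --- 监听端口 ---
#   --- 可疑进程路径 ---
#   [INFO] 所有进程路径正常
#   --- 计划任务 ---
#   [INFO] 计划任务无异常
#   --- SSH authorized_keys ---
#   [INFO] 无 SSH authorized_keys 后门
#   --- LD_PRELOAD ---
#   [INFO] ld.so.preload 正常
#   --- 登录记录 ---
#   [INFO] 所有登录IP均在白名单内
#   --- SSH 暴力破解迹象 ---
#   [INFO] SSH失败尝试较少 (0)
#   ==================== 综合结论 ====================
#   ✅ 未发现明显后门迹象。系统基本安全。
#   [root@ah-ipv6 ~]#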
2026年05月21日
2026-05-21
卸载ollama模型命令
[root@ah-ipv6 ~]# docker exec -it ollama ollama list NAME ID SIZE MODIFIED deepseek-r1:7b 755ced02ce7b 4.7 GB 21 minutes ago [root@ah-ipv6 ~]# docker exec -it ollama ollama rm deepseek-r1:7b deleted 'deepseek-r1:7b' [root@ah-ipv6 ~]# docker exec -it ollama ollama list NAME ID SIZE MODIFIED [root@ah-ipv6 ~]# docker exec -it ollama sh -c "rm -rf /root/.ollama/models/blobs/* 2>/dev/null || true" [root@ah-ipv6 ~]# docker exec -it ollama ollama run deepseek-r1:1.5b
2026年05月21日
2026-05-20
centos7.9安装ds蒸馏模型记录
安装 Ollama:curl -fsSL https://ollama.com/install.sh | sh,执行后报错:[root@ah-ipv6 ~]# curl -fsSL https://ollama.com/install.sh | sh >>> Installing ollama to /usr/local ERROR: This version requires zstd for extraction. Please install zstd and try again: - Debian/Ubuntu: sudo apt-get install zstd - RHEL/CentOS/Fedora: sudo dnf install zstd - Arch: sudo pacman -S zstd [root@ah-ipv6 ~]# 安装报错是因为 Ollama 的安装脚本需要 zstd 这个压缩工具来解压文件。这个错误信息已经直接给出了解决方案:先安装 zstd 再重试即可。安装 zstd:sudo dnf install -y zstd,还是报错:[root@ah-ipv6 ~]# sudo dnf install -y zstd sudo: dnf:找不到命令 [root@ah-ipv6 ~]# 报错 sudo: dnf:找不到命令 说明系统中没有 dnf 这个包管理器。这是因为 CentOS 7 及更早的 RHEL 系统默认使用 yum 作为包管理器,并未预装 dnf。此系统应该也属于这种情况。此外 CentOS 7 的 yum 官方源已停用,某些第三方源(如 EPEL)也会因压缩格式不兼容而报错。使用正确的包管理器安装 zstd:[root@ah-ipv6 ~]# # 清理yum缓存并生成新缓存 [root@ah-ipv6 ~]# sudo yum clean all 已加载插件:fastestmirror, product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. 正在清理软件源: base cloudflared-stable docker-ce-stable epel extras updates Cleaning up list of fastest mirrors [root@ah-ipv6 ~]# sudo yum makecache 已加载插件:fastestmirror, product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. 
Determining fastest mirrors epel/x86_64/metalink | 4.2 kB 00:00:00 * base: mirrors.aliyun.com * epel: d2lzkl7pfhq30w.cloudfront.net * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com base | 3.6 kB 00:00:00 cloudflared-stable | 1.5 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 epel | 4.3 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/22): base/7/x86_64/group_gz | 153 kB 00:00:00 (2/22): base/7/x86_64/primary_db | 6.1 MB 00:00:03 (3/22): base/7/x86_64/filelists_db | 7.2 MB 00:00:03 (4/22): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:00 (5/22): docker-ce-stable/x86_64/filelists_db | 66 kB 00:00:00 (6/22): docker-ce-stable/x86_64/primary_db | 152 kB 00:00:00 (7/22): docker-ce-stable/x86_64/other_db | 145 kB 00:00:00 (8/22): base/7/x86_64/other_db | 2.6 MB 00:00:01 (9/22): epel/x86_64/group | 399 kB 00:00:00 (10/22): cloudflared-stable/filelists | 377 B 00:00:02 (11/22): cloudflared-stable/other | 423 B 00:00:02 (12/22): epel/x86_64/filelists_db | 15 MB 00:00:01 (13/22): epel/x86_64/updateinfo | 1.0 MB 00:00:00 (14/22): epel/x86_64/prestodelta | 592 B 00:00:00 (15/22): epel/x86_64/primary_db | 8.7 MB 00:00:00 (16/22): extras/7/x86_64/filelists_db | 305 kB 00:00:00 (17/22): extras/7/x86_64/other_db | 154 kB 00:00:00 (18/22): extras/7/x86_64/primary_db | 253 kB 00:00:00 (19/22): epel/x86_64/other_db | 4.1 MB 00:00:00 (20/22): updates/7/x86_64/filelists_db | 15 MB 00:00:08 (21/22): updates/7/x86_64/other_db | 1.6 MB 00:00:00 (22/22): updates/7/x86_64/primary_db | 27 MB 00:00:15 One of the configured repositories failed (未知), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. 
This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable <repoid> or subscription-manager repos --disable=<repoid> 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true Parsing primary.xml error: Start tag expected, '<' not found [root@ah-ipv6 ~]#看起来问题出在 cloudflared-stable 或 docker-ce-stable 这两个第三方仓库的元数据损坏了,导致 yum makecache 整体失败。我们可以暂时禁用它们,只从 CentOS 官方源和 EPEL 源安装 zstd。# 1. 禁用有问题的仓库,然后安装 zstd sudo yum --disablerepo=cloudflared-stable --disablerepo=docker-ce-stable install -y zstd运行结果[root@ah-ipv6 ~]# sudo yum --disablerepo=cloudflared-stable --disablerepo=docker-ce-stable install -y zstd 已加载插件:fastestmirror, product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. 
Loading mirror speeds from cached hostfile epel/x86_64/metalink | 4.2 kB 00:00:00 * base: mirrors.aliyun.com * epel: d2lzkl7pfhq30w.cloudfront.net * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com base | 3.6 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 正在解决依赖关系 --> 正在检查事务 ---> 软件包 zstd.x86_64.0.1.5.5-1.el7 将被 安装 --> 解决依赖关系完成 依赖关系解决 ================================================================================================================================================================================================= Package 架构 版本 源 大小 ================================================================================================================================================================================================= 正在安装: zstd x86_64 1.5.5-1.el7 epel 449 k 事务概要 ================================================================================================================================================================================================= 安装 1 件包 总下载量:449 k 安装大小:1.7 M Downloading packages: zstd-1.5.5-1.el7.x86_64.rpm | 449 kB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction 正在安装 : zstd-1.5.5-1.el7.x86_64 1/1 验证中 : zstd-1.5.5-1.el7.x86_64 1/1 已安装: zstd.x86_64 0:1.5.5-1.el7 完毕! [root@ah-ipv6 ~]#zstd 已经成功安装。现在继续安装 Ollama:curl -fsSL https://ollama.com/install.sh | sh安装完成后,验证一下:ollama --version正常输出版本号(例如 ollama version is 0.5.1),就可以拉取并运行模型了。ollama run deepseek-r1:7bOllama 会自动下载模型并启动对话。出现 >>> Send a message (/? for help) 提示时,就说明成功了。
2026年05月20日
2026-05-13
PLM 批量查询工具问题分析与解决办法
初始问题现象上传 Excel(大量编号),页面显示 500 Internal Server Error。原因分析逐条查询导致超时原始代码对每个编号都执行 2 次独立的 SQL 查询,假设有 200 个编号,就需要 400 次数据库往返。PHP 默认 max_execution_time 为 30 秒,这种循环必然超时。超时后 PHP 进程被强制终止,Web 服务器返回 500 错误。无超时与内存配置未设置 set_time_limit 与 memory_limit,无法应对大数据量处理。错误信息不可见代码未将错误细节暴露给前端,只返回笼统的 500,难以排查。解决办法(根本方案)改循为批量查询:将所有编号一次传入 SQL,用单次查询替代多次查询。增加超时与内存设置:set_time_limit(600)、ini_set('memory_limit', '512M')。增强错误提示:每个可能失败点都将错误信息捕获到 $error 变量,在前端明确显示。{dotted startColor="#ff6c6c" endColor="#1989fa"/}再次出现问题:ORA-01460现象改用批量查询后,当编号总量大时,提示:批量查询执行失败:ORA-01460: 转换请求无法实施或不合理原因分析批量查询将多个编号拼接成 'id1,id2,id3,...' 的字符串,绑定到 :id_list 参数。Oracle 的 VARCHAR2 默认最大长度为 4000 字节(字符集 AL32UTF8 下,一个中文占 3 字节,但编号为字母数字,每个占 1 字节)。当编号数量很多时(比如 500 个编号,每个 12 字符,加上逗号可达 6500 字节),超出 4000 字节限制,Oracle 无法隐式转换,抛出 ORA-01460。解决办法:分批查询(Batch)将编号数组按 100 个一组切片(array_chunk)。循环执行批量查询,每次绑定 :id_list 只包含 100 个以内的编号,保证字符串长度远低于 4000 字节。合并各批次结果,生成最终的 CSV。计算验证:编号格式如 CB115F0B0002 只有 12 字符。100 个编号拼接长度 ≈ 12×100 + 99 = 1299 字节,安全。批量查询 SQL(单批次)$batchSql = " WITH input_ids AS ( SELECT TRIM(COLUMN_VALUE) AS body_id FROM XMLTABLE(('\"' || REPLACE(:id_list, ',', '\",\"') || '\"')) ), comp_masters AS ( SELECT i.body_id, bs.END2\$MASTER AS master_fk FROM input_ids i JOIN PLM2024.BOMVIEW_0 bv ON bv.MD_ID = i.body_id JOIN PLM2024.BOMSTRUCTURE_0 bs ON bs.VIEWFK = bv.GUID ), item_with_rn AS ( SELECT cm.body_id, it.MD_NAME, it.MD_ID, it.SPECIFICATION, it.REVISIONID, ROW_NUMBER() OVER (PARTITION BY cm.body_id, it.MD_ID ORDER BY it.REVISIONID DESC) AS rn FROM comp_masters cm JOIN PLM2024.ITEM_0 it ON it.MASTERFK = cm.master_fk ), latest_component AS ( SELECT body_id, MD_NAME, MD_ID, SPECIFICATION FROM item_with_rn WHERE rn = 1 ), original_item AS ( SELECT i.body_id, i0.SPECIFICATION AS spec, i1.F_000160 AS product_desc FROM input_ids i JOIN PLM2024.ITEM_0 i0 ON i0.MD_ID = i.body_id LEFT JOIN PLM2024.ITEM_1 i1 ON i1.FOUNDATIONFK = i0.GUID ) SELECT cs.body_id AS \"编号\", oi.product_desc AS \"品号描述\", oi.spec AS \"规格\", cs.MD_NAME, cs.MD_ID, cs.SPECIFICATION FROM 
latest_component cs LEFT JOIN original_item oi ON cs.body_id = oi.body_id ORDER BY cs.body_id, cs.MD_ID ";分批执行并合并结果foreach ($batches as $batch) { $idListStr = implode(',', $batch); $stmt = oci_parse($conn, $batchSql); if (!$stmt) { $e = oci_error($conn); $error = "SQL 解析失败:" . $e['message']; break; } oci_bind_by_name($stmt, ':id_list', $idListStr); if (!oci_execute($stmt)) { $e = oci_error($stmt); $error = "查询执行失败:" . $e['message']; oci_free_statement($stmt); break; } while ($row = oci_fetch_array($stmt, OCI_ASSOC + OCI_RETURN_NULLS)) { $outputData[] = $row; } oci_free_statement($stmt); }超时与错误可见性set_time_limit(600); ini_set('memory_limit', '512M'); ini_set('display_errors', 0); // 生产环境禁止直接输出 error_reporting(E_ALL); // 致命错误兜底 register_shutdown_function(function() use (&$error) { $last = error_get_last(); if ($last && in_array($last['type'], [E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR])) { if (empty($error)) { $error = "致命错误: " . $last['message']; } } });问题解决流程总结原始 500 错误 → 循环查询导致超时 → 改为单次批量查询。批量查询又报 ORA-01460 → 输入字符串超过 4000 字节 → 改为按 100 个一批分多次查询。增强健壮性 → 每个步骤检测错误并显式输出,配置超时与内存。最终效果:无论 Excel 包含多少个编号,都能在几秒内稳定完成查询,且错误原因一目了然。
2026年05月13日
2026-05-10
搭建SSH隧道
建立单个临时隧道(手工,不保活)在内网服务器上执行:ssh -p 公网SSH端口 -R 公网端口:127.0.0.1:内网端口 root@公网IP注意加上 -fN 可后台运行:ssh -fN -p 50001 -R ...此隧道断开后不会自动重连,适合临时测试。{dotted startColor="#ff6c6c" endColor="#1989fa"/}{card-default label="建立保活的隧道(autossh + systemd)" width=""}安装 autossh(内网服务器)yum install -y epel-release && yum install -y autossh配置 SSH 免密登录(必须)ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa ssh-copy-id -p 50001 root@120.47.167.39测试:ssh -p 50001 root@120.47.167.39 echo "OK" 不输密码即成功。创建 systemd 服务文件cat > /etc/systemd/system/autossh-tunnel.service <<EOF [Unit] Description=AutoSSH tunnel After=network.target [Service] Environment="AUTOSSH_GATETIME=0" ExecStart=/usr/bin/autossh -M 0 -NT -p 50001 -o "ServerAliveInterval=30" -o "ServerAliveCountMax=3" -o "ExitOnForwardFailure=yes" -o "StrictHostKeyChecking=no" -R 29000:127.0.0.1:29000 -R 34816:127.0.0.1:34816 root@120.47.167.39 Restart=always RestartSec=10 User=root [Install] WantedBy=multi-user.target EOF 注意:ExecStart 中的 StrictHostKeyChecking=no 表示跳过公网服务器的主机密钥校验,是为无人值守自动重连做出的安全取舍。启动并启用服务systemctl daemon-reload systemctl enable autossh-tunnel systemctl start autossh-tunnel systemctl status autossh-tunnel # 应显示 active (running){/card-default}{dotted startColor="#ff6c6c" endColor="#1989fa"/}后续如何添加新的隧道方法一:修改现有 systemd 服务停止服务:systemctl stop autossh-tunnel编辑服务文件:vi /etc/systemd/system/autossh-tunnel.service在 ExecStart 行中增加新的 -R 公网端口:127.0.0.1:内网端口ssh -fN -p 50001 -R 新公网端口:127.0.0.1:新内网端口 root@120.47.167.39重载配置并重启:systemctl daemon-reload systemctl restart autossh-tunnel方法二:临时添加(不保活,仅测试)ssh -fN -p 50001 -R 新公网端口:127.0.0.1:新内网端口 root@120.47.167.39检查隧道状态是否正常查看 autossh 服务状态(内网服务器)systemctl status autossh-tunnelactive (running) 表示进程在运行。若显示 failed,查看日志:journalctl -u autossh-tunnel -n 50查看公网服务器端口监听在公网服务器上执行:ss -tlnp | grep -E "29000|34816"应看到 0.0.0.0:29000 和 0.0.0.0:34816,进程为 sshd。从外网测试端口连通性(Windows PowerShell)Test-NetConnection -ComputerName 120.47.167.39 -Port 29000 Test-NetConnection -ComputerName 120.47.167.39 -Port 34816结果应为 TcpTestSucceeded : True。{dotted startColor="#ff6c6c" endColor="#1989fa"/}关机后如何重启场景一:内网服务器关机后重启autossh 
服务已设置 enable,开机后自动启动。等待约 10-30 秒(网络就绪 + autossh 重连),隧道自动恢复。公网服务器无需任何操作。验证:systemctl status autossh-tunnel 和 ss -tlnp。场景二:公网服务器关机后重启需要确保公网服务器上的 sshd 服务开机自启(默认已启用)。内网服务器的 autossh 会检测到连接断开,并自动尝试重连(每 10 秒一次),一旦公网 SSH 恢复,隧道自动重建。无需人工干预。场景三:两个服务器都重启了顺序无所谓,autossh 会持续重连直到成功。建议等待 1 分钟后检查。手动重启隧道systemctl restart autossh-tunnel
2026年05月10日