In a Linux environment, ssh login fails with: Permission denied, please try again.


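Problem description:

  This morning a colleague reported a problem: when logging in to a test machine over ssh, of two accounts, both ordinary accounts, one could log in and the other could not. When asked whether any changes had been made beforehand, the only thing mentioned was that the openssh version had been upgraded; nothing else had been done.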

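Troubleshooting:

The following approaches were tried:

  • 1. Logged in as another ordinary user first, then switched to the affected user with su; the switch worked
  • 2. Changed AllowUsers in the sshd_config configuration file; it made no difference
  • 3. Printed debug output with ssh -vvv against the remote host; nothing more useful turned up
  • 4. Tried commenting out the login file in pam.d; that did not solve the problem either
  • 5. Checked the account status with passwd -S; it was normal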

Final solution:

1. In sshd_config, set the log level to DEBUG

LogLevel DEBUG

2. Restart the sshd service

3. Then log in remotely and collect the logs; the following entries appear

Aug  1 12:32:03 4A-LF-w10 sshd[171843]: debug1: userauth-request for user oracle service ssh-connection method none [preauth]
Aug  1 12:32:03 4A-LF-w10 sshd[171843]: debug1: attempt 0 failures 0 [preauth]
Aug  1 12:32:03 4A-LF-w10 sshd[171843]: Account oracle has expired
Aug  1 12:32:03 4A-LF-w10 sshd[171843]: debug1: userauth_send_banner: sent [preauth]
Aug  1 12:32:03 4A-LF-w10 sshd[171515]: debug1: Forked child 171860.

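Note: the information above shows that the oracle account has expired. How is that possible? Aren't accounts set to never expire by default?

4. Check the status of oracle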

[root@4A-LF-w10 ssh]# chage -l oracle
Last password change					: Aug 01, 2018
Password expires					: never
Password inactive					: never
Account expires						: Jan 20, 11761191   # What is this? Isn't the default never? Why is it this, and the year shown is wrong too.
Minimum number of days between password change		: 6
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 30

5. Manually set the account expiry date to one month from now, then log in over ssh

[root@4A-LF-w10 ssh]# chage -E "2018-09-01" oracle
[root@4A-LF-w10 ssh]# chage -l oracle
Last password change					: Aug 01, 2018
Password expires					: never
Password inactive					: never
Account expires						: Sep 01, 2018
Minimum number of days between password change		: 6
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 30

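Note: with the account expiry date changed like this, login works. So this date is what caused the problem. Then what should I do if I want to set the account to never expire?

6. Searching Bing for this timestamp turned up the following article.

Article URL:

https://bugzilla.redhat.com/show_bug.cgi?id=1183638

Description: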

Description of problem:

Issue using chage command to remove Account expiration date. The year format in "Account expires" is wrong.

Version-Release number of selected component (if applicable):

shadow-utils-4.1.4.2-19.el6.x86_64       # Checked my version; it is exactly this version.

How reproducible:
This issue is reproducible with shadow-utils-4.1.4.2-19.el6.x86_64 package on RHEL-6.5 and RHEL-6.6.  # The operating system version matches as well.

Steps to Reproduce:

# chage -l friday
Last password change                                    : Jan 19, 2015
Password expires					: never
Password inactive  					: never
Account expires 					: never
Minimum number of days between password change   	: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires 	: 7

# chage -E -1 friday

Actual results:

# chage -l friday
Last password change					: Jan 19, 2015
Password expires 					: never
Password inactive					: never
Account expires						: Jan 20, 11761191
Minimum number of days between password change 		: 0
Maximum number of days between password change 		: 99999
Number of days of warning before password expires	: 7

Expected results:

# chage -l friday
Last password change					: Jan 19, 2015
Password expires 					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change 		: 0
Maximum number of days between password change 		: 99999
Number of days of warning before password expires	: 7

Additional info:

I have noted the entry "-2" is added in 8th column of "/etc/shadow" file.

# grep friday /etc/shadow
friday:$6$dBs1aWNG$ahInXkaUiM20opsZCGuvjRcUedH3iGVG3Fv3LzfuhR.3qgHvBbgNyyFlhiT/HOo8XRC7ZieHkwCMTMUqHmZdA/:16454:0:99999:7::-2:

The workaround for this is to manually edit the configuration file "/etc/shadow" and remove the entry "-2", it will reset the value for "Account expires" to default.

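Note: according to the article above, when chage -E -1 is used to set an account to never expire, a bug is hit in shadow-utils on Red Hat 6.6, so the timestamp comes out wrong.

7. Ways to fix this: for example, set the account expiry date to 30 years from now, or edit the /etc/shadow file and remove the -2. After removing the -2: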

[root@4A-LF-w10 tmp]# cat /etc/shadow | grep oracle
oracle:$1$pWh44Lv.$NAdyWSH.ZcYzU6w1JmYVx1:17744:6:99999:30:::

Before:
oracle:$1$pWh44Lv.$NAdyWSH.ZcYzU6w1JmYVx1:17744:6:99999:30::-2:

After the change, check the account expiry date:

[root@4A-LF-w10 tmp]# chage -l oracle
Last password change					: Aug 01, 2018
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 6
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 30

Note: ssh login now works as well.

 

Document created: 2018-08-01 13:35:56

