SSH登录报pam_unix(sshd:auth): authentication failure的案例
2020-05-01 10:30 潇湘隐者 阅读(35407) 评论(0) 编辑 收藏 举报
修改一台Linux服务器(RHEL 6.6)的root密码后,然后使用ssh验证测试时,发现其提示“密码验证失败.请检查用户名和密码是否正确”,仔细核对,账号密码确实没有错误。但是检查日志/var/log/secure发现下面错误信息
Apr 28 15:22:56 mylnx2 passwd: pam_unix(passwd:chauthtok): password changed for root
Apr 28 15:25:24 mylnx2 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=root
Apr 28 15:25:26 mylnx2 sshd[3037]: Failed password for root from 192.168.103.63 port 51422 ssh2
Apr 28 15:25:41 mylnx2 sshd[3037]: Failed password for root from 192.168.103.63 port 51422 ssh2
Apr 28 15:25:45 mylnx2 sshd[3039]: Received disconnect from 192.168.103.63: 13: The user canceled authentication.
Apr 28 15:25:45 mylnx2 sshd[3037]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxxx.xxx.xxx user=root
Apr 28 15:26:24 mylnx2 sshd[3058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxxx.xxx.xxx.com user=root
Apr 28 15:26:27 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2
Apr 28 15:26:33 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2
Apr 28 15:26:42 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2
因为当前我是通过JumpServer连接到这台服务器的,验证测试则是直接从我笔记本通过ssh连接测试,之前遇到过“Linux ssh突然连接不了的案例浅析”“,所以检查/etc/ssh/sshd_config设置是否允许我的笔记本ssh访问。发现配置没有错误。
然后又检查/etc/hosts.deny是否禁止这台机器访问,发现没有这种配置。
[root@mylnx2 log]# more /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
[root@mylnx2 log]# more /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
实在是有点懵逼了,屡次尝试都没有找到root cause反而激起了我不服输的斗志,一定要搞清楚到底是什么原因,然后仔细一项一项检查,最后发现是因为/etc/ssh/sshd_config的PermitRootLogin选项为no禁止root账号登录,瞬间汗颜了!!! 平时都是通过JumpServer登录,反而忘记了这台服务器禁止root登录。
关于PermitRootLogin,它表示是否允许 root 登录。它有下面几个选项:
"yes"(默认) 表示允许。
"no"表示禁止。
"without-password" 表示禁止使用密码认证登录。只允许root用public key认证方式登录
"forced-commands-only" 表示只有在指定了 command 选项的情况下才允许使用公钥认证登录。同时其它认证方法全部被禁止。这个值常用于做远程备份之类的事情
这篇博客“sshd_config 中 PermitRootLogin 的探讨”对这个参数做了详细深入的介绍,有兴趣移步学习了解:
参数类别 |
是否允许ssh登陆 |
登录方式 |
交互shell |
yes |
允许 |
没有限制 |
没有限制 |
without-password |
允许 |
除密码以外 |
没有限制 |
forced-commands-only |
允许 |
仅允许使用密钥 |
仅允许已授权的命令 |
no |
不允许 |
N/A |
N/A |
参考资料:
https://blog.csdn.net/huigher/article/details/52972013