ssh配置pam登陆策略

ssh配置pam登陆策略

1.pam下sshd配置文件问题

image-20230615143915491

升级后openssh中的配置文件可能会导致root用户和普通用户输入正确密码也无法登陆

解决办法:

使用原sshd配置文件

#%PAM-1.0
auth       required     pam_sepermit.so

auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

2.(排查问题笔记)系统日志

tail -f /var/log/messages

/var/log/messages 存放的是系统的日志信息,它记录了各种事件,基本上什么应用都能往里写日志,在做故障诊断时可以首先查看该文件内容

posted @ 2023-06-16 14:05  yy9knsg  阅读(250)  评论(0编辑  收藏  举报