代码改变世界

SSH登录报pam_unix(sshd:auth): authentication failure的案例

2020-05-01 10:30  潇湘隐者  阅读(8315)  评论(0编辑  收藏

 

修改一台Linux服务器(RHEL 6.6)的root密码后,然后使用ssh验证测试时,发现其提示密码验证失败.请检查用户名和密码是否正确,仔细核对,账号密码确实没有错误。但是检查日志/var/log/secure发现下面错误信息

 

Apr 28 15:22:56 mylnx2 passwd: pam_unix(passwd:chauthtok): password changed for root
Apr 28 15:25:24 mylnx2 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Apr 28 15:25:26 mylnx2 sshd[3037]: Failed password for root from 192.168.103.63 port 51422 ssh2
Apr 28 15:25:41 mylnx2 sshd[3037]: Failed password for root from 192.168.103.63 port 51422 ssh2
Apr 28 15:25:45 mylnx2 sshd[3039]: Received disconnect from 192.168.103.63: 13: The user canceled authentication. 
Apr 28 15:25:45 mylnx2 sshd[3037]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxxx.xxx.xxx  user=root
Apr 28 15:26:24 mylnx2 sshd[3058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxxx.xxx.xxx.com  user=root
Apr 28 15:26:27 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2
Apr 28 15:26:33 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2
Apr 28 15:26:42 mylnx2 sshd[3058]: Failed password for root from 192.168.103.63 port 51480 ssh2

 

因为当前我是通过JumpServer连接到这台服务器的,验证测试则是直接从我笔记本通过ssh连接测试,之前遇到过“Linux ssh突然连接不了的案例浅析”,所以检查/etc/ssh/sshd_config设置是否允许我的笔记本ssh访问。发现配置没有错误。

 

然后又检查/etc/hosts.deny是否禁止这台机器访问,发现没有这种配置。

 

[root@mylnx2 log]# more /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
[root@mylnx2 log]# more /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers

 

实在是有点懵逼了屡次尝试都没有找到root cause反而激起了我不服输的斗志一定要搞清楚到底是什么原因然后仔细一项一项检查最后发现是因为/etc/ssh/sshd_configPermitRootLogin选项no禁止root账号登录瞬间汗颜了!!! 平时都是通过JumpServer登录,反而忘记了这台服务器禁止root登录。

 

关于PermitRootLogin,它表示是否允许 root 登录。它有下面几个选项:

            

    "yes"(默认) 表示允许。

  

    "no"表示禁止。

            

    "without-password"   表示禁止使用密码认证登录。只允许root用public key认证方式登录

            

    "forced-commands-only" 表示只有在指定了 command 选项的情况下才允许使用公钥认证登录。同时其它认证方法全部被禁止。这个值常用于做远程备份之类的事情

 

clip_image001[4]

 

 

这篇博客sshd_config 中 PermitRootLogin 的探讨对这个参数做了详细深入的介绍,有兴趣移步学习了解:

 

参数类别

是否允许ssh登陆

登录方式

交互shell

yes

允许

没有限制

没有限制

without-password

允许

除密码以外

没有限制

forced-commands-only

允许

仅允许使用密钥

仅允许已授权的命令

no

不允许

N/A

N/A

 

 

参考资料:

 

https://blog.csdn.net/huigher/article/details/52972013