linux centos6.5
当从一台机器执行scp的时候,报错:
Permission denied, please try again.
报错的消息是没有权限,密码应该是正确的,也可以得到验证。
那么怎么会没有权限呢?我用的不是root用户,并且root用户也应该是有权限的。
查看服务器端的日志文件/var/log/secure,当输入密码后,报错信息如下:
sshd[27915]: Connection closed by xxxxxxx
sshd[27939]: pam_listfile(sshd:auth): Refused user oracle for service sshd
sshd[27939]: Failed password for oracle from xxxxx port 63581 ssh2
关键的错误是: pam_listfile(sshd:auth): Refused user oracle for service sshd
查看文件/etc/pam.d/sshd
这个东西没有研究过,也没有遇到过类似的错误,但是可以使用对比大发,找到一台正常的服务器,对比这两个文件
有错误的:
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/sshusers-allowed onerr=fail
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
正常的:
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
发现有错误的上面多了一行,注释掉这行,然后重启sshd服务试试:
# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
好了。
上面/etc/sshusers-allowed文件的作用是只允许里面的用户连接ssh,是一种安全机制。