SSH 密码验证失败

SSH 密码验证失败

我帮助管理一些在开发环境中运行 RHEL8/OL8 的工作站。开发人员通常通过 SSH 远程访问这些工作站。一些开发人员遇到了一个奇怪的问题,即使他们输入了正确的密码,通过 SSH(密码)进行的身份验证也会失败。

据报道,他们的账户并未被锁定passwd -S。我们还尝试将密码重置为简单的密码,但似乎没有帮助。其中一名开发人员是具有 root 访问权限的特权用户,他们能够以 root 身份通过 SSH 连接su到自己的用户帐户,不会出现任何问题,但这显然并不理想。

想知道是否有任何关于可能的原因或其他地方需要排除故障的见解。我的预感是某处可能存在安全设置,可能会导致此问题,但我不确定在哪里查找。

sshd 详细日志:

Jan 25 13:54:10 pc123 sshd[883298]: debug3: fd 7 is not O_NONBLOCK
Jan 25 13:54:10 pc123 sshd[883298]: debug1: Forked child 883385.
Jan 25 13:54:10 pc123 sshd[883298]: debug3: send_rexec_state: entering fd = 10 config len 745
Jan 25 13:54:10 pc123 sshd[883298]: debug3: ssh_msg_send: type 0
Jan 25 13:54:10 pc123 sshd[883298]: debug3: send_rexec_state: done
Jan 25 13:54:10 pc123 sshd[883385]: debug3: oom_adjust_restore
Jan 25 13:54:10 pc123 sshd[883385]: debug1: Set /proc/self/oom_score_adj to 0
Jan 25 13:54:10 pc123 sshd[883385]: debug1: rexec start in 7 out 7 newsock 7 pipe 9 sock 10
Jan 25 13:54:10 pc123 sshd[883385]: debug1: inetd sockets after dupping: 5, 5
Jan 25 13:54:10 pc123 sshd[883385]: Connection from 10.123.45.67 port 59029 on 10.111.22.33 port 22
Jan 25 13:54:10 pc123 sshd[883385]: debug1: Local version string SSH-2.0-OpenSSH_8.0
Jan 25 13:54:10 pc123 sshd[883385]: debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
Jan 25 13:54:10 pc123 sshd[883385]: debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
Jan 25 13:54:10 pc123 sshd[883385]: debug2: fd 5 setting O_NONBLOCK
Jan 25 13:54:10 pc123 sshd[883385]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Jan 25 13:54:10 pc123 sshd[883385]: debug2: Network child is on pid 883386
Jan 25 13:54:10 pc123 sshd[883385]: debug3: preauth child monitor started
Jan 25 13:54:10 pc123 sshd[883385]: debug1: SELinux support disabled [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: privsep user:group 74:74 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: permanently_set_uid: 74/74 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 20 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: receive packet: type 20 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: local server KEXINIT proposal [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: compression ctos: none,[email protected] [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: compression stoc: none,[email protected] [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: languages ctos:  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: languages stoc:  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: first_kex_follows 0  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: reserved 0  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: peer client KEXINIT proposal [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: compression ctos: none,[email protected],zlib [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: compression stoc: none,[email protected],zlib [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: languages ctos:  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: languages stoc:  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: first_kex_follows 0  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: reserved 0  [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 120 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 121 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 120
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 121
Jan 25 13:54:10 pc123 sshd[883385]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 120 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 121 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 120
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 121
Jan 25 13:54:10 pc123 sshd[883385]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: receive packet: type 30 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_sshkey_sign entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 6 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 6
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_sign
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_sign: hostkey proof signature 0x55ba15421190(99)
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 7
Jan 25 13:54:10 pc123 sshd[883385]: debug2: monitor_read: 6 used once, disabling now
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 31 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 21 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: set_newkeys: mode 1 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: rekey out after 134217728 blocks [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 7 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: receive packet: type 21 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: set_newkeys: mode 0 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: rekey in after 134217728 blocks [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: KEX done [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: receive packet: type 5 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 6 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: receive packet: type 50 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: userauth-request for user qwer789 service ssh-connection method none [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug1: attempt 0 failures 0 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_getpwnamallow entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 8 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 9 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 8
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_pwnamallow
Jan 25 13:54:10 pc123 sshd[883385]: debug2: parse_server_config: config reprocess config len 745
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 9
Jan 25 13:54:10 pc123 sshd[883385]: debug2: monitor_read: 8 used once, disabling now
Jan 25 13:54:10 pc123 sshd[883385]: debug2: input_userauth_request: setting up authctxt for qwer789 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_start_pam entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 100 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_inform_authserv entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 4 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_inform_authrole entering [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_send entering: type 80 [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug2: input_userauth_request: try method none [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: ensure_minimum_time_since: elapsed 0.967ms, delaying 4.541ms (requested 5.508ms) [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 100
Jan 25 13:54:10 pc123 sshd[883385]: debug1: PAM: initializing for "qwer789"
Jan 25 13:54:10 pc123 sshd[883385]: debug1: PAM: setting PAM_RHOST to "10.123.45.67"
Jan 25 13:54:10 pc123 sshd[883385]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 25 13:54:10 pc123 sshd[883385]: debug2: monitor_read: 100 used once, disabling now
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 4
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_authserv: service=ssh-connection, style=
Jan 25 13:54:10 pc123 sshd[883385]: debug2: monitor_read: 4 used once, disabling now
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:10 pc123 sshd[883385]: debug3: monitor_read: checking request 80
Jan 25 13:54:10 pc123 sshd[883385]: debug3: mm_answer_authrole: role=
Jan 25 13:54:10 pc123 sshd[883385]: debug2: monitor_read: 80 used once, disabling now
Jan 25 13:54:10 pc123 sshd[883385]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
Jan 25 13:54:10 pc123 sshd[883385]: debug3: send packet: type 51 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: receive packet: type 50 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug1: userauth-request for user qwer789 service ssh-connection method publickey [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug1: attempt 1 failures 0 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug2: input_userauth_request: try method publickey [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug2: userauth_pubkey: valid user qwer789 attempting public key rsa-sha2-512 xxxxxxxxxx [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: userauth_pubkey: have rsa-sha2-512 signature for RSA SHA256:xxxxx [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_key_allowed entering [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_request_send entering: type 22 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 23 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:20 pc123 sshd[883385]: debug3: monitor_read: checking request 22
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_answer_keyallowed entering
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_answer_keyallowed: key_from_blob: 0x55ba15429000
Jan 25 13:54:20 pc123 sshd[883385]: debug1: temporarily_use_uid: 2001/3000 (e=0/0)
Jan 25 13:54:20 pc123 sshd[883385]: debug1: trying public key file /home/qwer789/.ssh/authorized_keys
Jan 25 13:54:20 pc123 sshd[883385]: debug1: Could not open authorized keys '/home/qwer789/.ssh/authorized_keys': No such file or directory
Jan 25 13:54:20 pc123 sshd[883385]: debug1: restore_uid: 0/0
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_answer_keyallowed: publickey authentication: RSA key is not allowed
Jan 25 13:54:20 pc123 sshd[883385]: Failed publickey for qwer789 from 10.123.45.67 port 59029 ssh2: RSA SHA256:xxxxx
Jan 25 13:54:20 pc123 sshd[883385]: debug3: mm_request_send entering: type 23
Jan 25 13:54:20 pc123 sshd[883385]: debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: ensure_minimum_time_since: elapsed 3.484ms, delaying 2.024ms (requested 5.508ms) [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
Jan 25 13:54:20 pc123 sshd[883385]: debug3: send packet: type 51 [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: receive packet: type 50 [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug1: userauth-request for user qwer789 service ssh-connection method password [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug1: attempt 2 failures 1 [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug2: input_userauth_request: try method password [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_auth_password entering [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_request_send entering: type 12 [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:25 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:25 pc123 sshd[883385]: debug3: monitor_read: checking request 12
Jan 25 13:54:25 pc123 sshd[883385]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jan 25 13:54:25 pc123 sshd[883385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.123.45.67  user=qwer789
Jan 25 13:54:25 pc123 sshd[883385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.123.45.67  user=qwer789
Jan 25 13:54:27 pc123 sshd[883385]: debug1: PAM: password authentication failed for qwer789: Authentication failure
Jan 25 13:54:27 pc123 sshd[883385]: debug3: mm_answer_authpassword: sending result 0
Jan 25 13:54:27 pc123 sshd[883385]: debug3: mm_request_send entering: type 13
Jan 25 13:54:27 pc123 sshd[883385]: Failed password for qwer789 from 10.123.45.67 port 59029 ssh2
Jan 25 13:54:27 pc123 sshd[883385]: debug3: mm_auth_password: user not authenticated [preauth]
Jan 25 13:54:27 pc123 sshd[883385]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Jan 25 13:54:27 pc123 sshd[883385]: debug3: ensure_minimum_time_since: elapsed 1460.110ms, delaying 1360.043ms (requested 5.508ms) [preauth]
Jan 25 13:54:28 pc123 sshd[883385]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
Jan 25 13:54:28 pc123 sshd[883385]: debug3: send packet: type 51 [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: receive packet: type 50 [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug1: userauth-request for user qwer789 service ssh-connection method password [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug1: attempt 3 failures 2 [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug2: input_userauth_request: try method password [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_auth_password entering [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_request_send entering: type 12 [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:35 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:35 pc123 sshd[883385]: debug3: monitor_read: checking request 12
Jan 25 13:54:35 pc123 sshd[883385]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jan 25 13:54:37 pc123 sshd[883385]: debug1: PAM: password authentication failed for qwer789: Authentication failure
Jan 25 13:54:37 pc123 sshd[883385]: debug3: mm_answer_authpassword: sending result 0
Jan 25 13:54:37 pc123 sshd[883385]: debug3: mm_request_send entering: type 13
Jan 25 13:54:37 pc123 sshd[883385]: Failed password for qwer789 from 10.123.45.67 port 59029 ssh2
Jan 25 13:54:37 pc123 sshd[883385]: debug3: mm_auth_password: user not authenticated [preauth]
Jan 25 13:54:37 pc123 sshd[883385]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Jan 25 13:54:37 pc123 sshd[883385]: debug3: ensure_minimum_time_since: elapsed 2167.493ms, delaying 652.660ms (requested 5.508ms) [preauth]
Jan 25 13:54:37 pc123 sshd[883385]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
Jan 25 13:54:37 pc123 sshd[883385]: debug3: send packet: type 51 [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: receive packet: type 50 [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug1: userauth-request for user qwer789 service ssh-connection method password [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug1: attempt 4 failures 3 [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug2: input_userauth_request: try method password [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_auth_password entering [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_request_send entering: type 12 [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:47 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:47 pc123 sshd[883385]: debug3: monitor_read: checking request 12
Jan 25 13:54:47 pc123 sshd[883385]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jan 25 13:54:49 pc123 sshd[883385]: debug1: PAM: password authentication failed for qwer789: Authentication failure
Jan 25 13:54:49 pc123 sshd[883385]: debug3: mm_answer_authpassword: sending result 0
Jan 25 13:54:49 pc123 sshd[883385]: debug3: mm_request_send entering: type 13
Jan 25 13:54:49 pc123 sshd[883385]: Failed password for qwer789 from 10.123.45.67 port 59029 ssh2
Jan 25 13:54:49 pc123 sshd[883385]: debug3: mm_auth_password: user not authenticated [preauth]
Jan 25 13:54:49 pc123 sshd[883385]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
Jan 25 13:54:49 pc123 sshd[883385]: debug3: ensure_minimum_time_since: elapsed 2147.643ms, delaying 672.510ms (requested 5.508ms) [preauth]
Jan 25 13:54:49 pc123 sshd[883385]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
Jan 25 13:54:49 pc123 sshd[883385]: debug3: send packet: type 51 [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_send entering: type 122 [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_receive_expect entering: type 123 [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_receive entering [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:50 pc123 sshd[883385]: debug3: monitor_read: checking request 122
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_send entering: type 123
Jan 25 13:54:50 pc123 sshd[883385]: Connection reset by authenticating user qwer789 10.123.45.67 port 59029 [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug1: do_cleanup [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_send entering: type 124 [preauth]
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:50 pc123 sshd[883385]: debug3: monitor_read: checking request 124
Jan 25 13:54:50 pc123 sshd[883385]: debug1: monitor_read_log: child log fd closed
Jan 25 13:54:50 pc123 sshd[883385]: debug3: mm_request_receive entering
Jan 25 13:54:50 pc123 sshd[883385]: debug1: do_cleanup
Jan 25 13:54:50 pc123 sshd[883385]: debug1: PAM: cleanup
Jan 25 13:54:50 pc123 sshd[883385]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.123.45.67  user=qwer789
Jan 25 13:54:50 pc123 sshd[883385]: debug3: PAM: sshpam_thread_cleanup entering
Jan 25 13:54:50 pc123 sshd[883385]: debug1: Killing privsep child 883386
Jan 25 13:54:50 pc123 sshd[883385]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.123.45.67  user=qwer789

sshd_配置:

#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel DEBUG3

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

PrintMotd no

#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

/etc/pam.d/password-auth:

auth        required                                     pam_env.so
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_usertype.so isregular
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        [default=1 ignore=ignore success=ok]         pam_usertype.so isregular
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_usertype.so issystem
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so

password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so

相关内容