SSH 无法在 CentOS 6.5 上运行(PAM 身份验证错误)

SSH 无法在 CentOS 6.5 上运行(PAM 身份验证错误)

名为 chcsouza 的用户尝试从 service0 主机访问 service1 主机,但收到以下消息:

172.23.0.4 关闭连接

172.23.0.4 是服务 1 的 IP

老用户可以 ssh 到该主机。新用户则不能。

启用详细功能后,他得到了以下回复

chcsouza@service0:~$ ssh -vvv service1
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to service1 [172.23.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/chcsouza/.ssh/identity type 0
debug1: identity file /home/chcsouza/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /home/chcsouza/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/chcsouza/.ssh/id_rsa type 1
debug1: identity file /home/chcsouza/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /home/chcsouza/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/chcsouza/.ssh/id_dsa type 2
debug1: identity file /home/chcsouza/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 496/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1149
debug3: check_host_in_hostfile: host service1 filename /home/chcsouza/.ssh/known_hosts
debug3: check_host_in_hostfile: host service1 filename /home/chcsouza/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: host 172.23.0.4 filename /home/chcsouza/.ssh/known_hosts
debug3: check_host_in_hostfile: host 172.23.0.4 filename /home/chcsouza/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'service1' is known and matches the RSA host key.
debug1: Found key in /home/chcsouza/.ssh/known_hosts:1
debug2: bits set: 530/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1165
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1213
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/chcsouza/.ssh/id_rsa (0x7fff49076990)
debug2: key: /home/chcsouza/.ssh/id_dsa (0x7fff490769c0)
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 172.23.0.4.
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1366' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1366' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1366' not found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/chcsouza/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1645
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp 5a:a4:42:e0:32:70:4e:2c:d8:20:c8:cf:73:d6:30:ad:79:58:6a:d0
debug3: sign_and_send_pubkey: RSA 5a:a4:42:e0:32:70:4e:2c:d8:20:c8:cf:73:d6:30:ad:79:58:6a:d0
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2285
Connection closed by 172.23.0.4                               

如果我们在 sshd 进程上启用调试,则当用户 chcsouza 尝试通过 ssh 登录时,服务器将显示以下消息:

root@service1:~# service sshd start
Starting sshd: debug2: load_server_config: filename /etc/ssh/sshd_config
...
debug1: userauth-request for user chcsouza service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 172.23.0.3.
debug2: parse_server_config: config reprocess config len 665
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for chcsouza
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 50
debug3: mm_inform_authserv entering
debug3: monitor_read: checking request 50
debug3: mm_request_send entering: type 3
debug1: PAM: initializing for "chcsouza"
debug3: mm_inform_authrole entering
debug3: mm_request_send entering: type 4
debug2: input_userauth_request: try method none
debug3: Wrote 80 bytes for a total of 1861
debug1: PAM: setting PAM_RHOST to "service0.head.smc-default.imd.local"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 50 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authrole: role=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug1: userauth-request for user chcsouza service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: monitor_read: checking request 21
debug3: mm_request_receive entering
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7fffedd2b700
debug1: temporarily_use_uid: 1366/613 (e=0/0)
debug1: trying public key file /home/chcsouza/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/home/chcsouza/.ssh'
debug3: secure_filename: checking '/home/chcsouza'
debug3: secure_filename: terminating check at '/home/chcsouza'
debug2: key_type_from_name: unknown key type '2048'
debug3: key_read: missing keytype
debug2: user_key_allowed: check options: '2048 35 26000714296900273965786422708504101924119917395214368817109540216187511800728858982170633686332278948915070628971426494703299576635561193633172893183205681968579838000574382275096021269764780112758969869104951890176029466481236927687283005599973562018292709534010743496870316901080106395195571823936509734632740925756796557507387517840555382734710967489053578233697303628831208002511929908137305192337183356340285385783837825666986988131222551326535457629120817070864697113247384885735176708481892649412585057021840887990013748434415786480632436056995599538200313922982744057973432367644688719483406770318432823103321 chcsouza@service0
'
debug2: key_type_from_name: unknown key type '35'
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: '35 26000714296900273965786422708504101924119917395214368817109540216187511800728858982170633686332278948915070628971426494703299576635561193633172893183205681968579838000574382275096021269764780112758969869104951890176029466481236927687283005599973562018292709534010743496870316901080106395195571823936509734632740925756796557507387517840555382734710967489053578233697303628831208002511929908137305192337183356340285385783837825666986988131222551326535457629120817070864697113247384885735176708481892649412585057021840887990013748434415786480632436056995599538200313922982744057973432367644688719483406770318432823103321 chcsouza@service0
'
debug2: key not found
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1366/613 (e=0/0)
debug1: trying public key file /home/chcsouza/.ssh/authorized_keys2
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/home/chcsouza/.ssh'
debug3: secure_filename: checking '/home/chcsouza'
debug3: secure_filename: terminating check at '/home/chcsouza'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw== chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw=='
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw== chcsouza@service0
'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ== chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ=='
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ== chcsouza@service0
'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f'
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f chcsouza@service0
'
debug1: matching key found: file /home/chcsouza/.ssh/authorized_keys2, line 6
Found matching RSA key: 00:1a:4c:9c:2b:63:34:5d:db:fb:8d:33:da:52:06:0c
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7fffedd2b700 is allowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug3: Wrote 320 bytes for a total of 2181
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Postponed publickey for chcsouza from 172.23.0.3 port 42046 ssh2
debug1: userauth-request for user chcsouza service ssh-connection method publickey
debug1: attempt 2 failures 0
debug2: input_userauth_request: try method publickey
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7fffedd2b740
debug1: temporarily_use_uid: 1366/613 (e=0/0)
debug1: trying public key file /home/chcsouza/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/home/chcsouza/.ssh'
debug3: secure_filename: checking '/home/chcsouza'
debug3: secure_filename: terminating check at '/home/chcsouza'
debug2: key_type_from_name: unknown key type '2048'
debug3: key_read: missing keytype
debug2: user_key_allowed: check options: '2048 35 26000714296900273965786422708504101924119917395214368817109540216187511800728858982170633686332278948915070628971426494703299576635561193633172893183205681968579838000574382275096021269764780112758969869104951890176029466481236927687283005599973562018292709534010743496870316901080106395195571823936509734632740925756796557507387517840555382734710967489053578233697303628831208002511929908137305192337183356340285385783837825666986988131222551326535457629120817070864697113247384885735176708481892649412585057021840887990013748434415786480632436056995599538200313922982744057973432367644688719483406770318432823103321 chcsouza@service0
'
debug2: key_type_from_name: unknown key type '35'
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: '35 26000714296900273965786422708504101924119917395214368817109540216187511800728858982170633686332278948915070628971426494703299576635561193633172893183205681968579838000574382275096021269764780112758969869104951890176029466481236927687283005599973562018292709534010743496870316901080106395195571823936509734632740925756796557507387517840555382734710967489053578233697303628831208002511929908137305192337183356340285385783837825666986988131222551326535457629120817070864697113247384885735176708481892649412585057021840887990013748434415786480632436056995599538200313922982744057973432367644688719483406770318432823103321 chcsouza@service0
'
debug2: key not found
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1366/613 (e=0/0)
debug1: trying public key file /home/chcsouza/.ssh/authorized_keys2
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/home/chcsouza/.ssh'
debug3: secure_filename: checking '/home/chcsouza'
debug3: secure_filename: terminating check at '/home/chcsouza'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw== chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw=='
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBAJuTygIgx4+mwww5WzDYrdESjWv6fTpFdnEqAK2weRUgm8NB7/4KoWvUywCi6lPui0IX3YlyTojhF+WDZr/YS1ZeOhGMXIAylKUn2V3SNscERbGKMbXxmkzZPlIRmOLRv7eCe/JgL/V9udnhqDqjL8q/9BcAUXb5bUTHKC5n9m5bAAAAFQDYEFE3nUqG2Xn66FL25LeapaO2hwAAAIAPTzwkNPqb9mKdR8KwrpGDLOx4Fme1FWJeXVg6XSGASkleaEWqSMSBO4WsjN+ZnlSsMvJ/IT8skVEUYPLLpQHQ4XWUl7HD/lF5VN5x1QtaDUgDLsWrwmLMH++R2/xw/3YfAXVVrQVdXXAl49DFioBaqvqaeXAVZ6UlE080pNtXHgAAAIBkjGzKjE1i0L8LrhUitkjyf6B4UhnGqm6RSubuOVoy0BByIMm8ze/f0KkRASkz/2hXoWur8R6G7nAyC+VGjo/yQt+WyN0oBqjOGJDTr4Lvm9EL5blm4OyF9sXo5u7Kj27J5kirwEtlrkxikipEp5BJuqYsvxzFnnCmBONNfC2+cw== chcsouza@service0
'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ== chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ=='
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBAIVcKPKEB7JeOUQguem0vQrBY7U1QVUs2ZE8/LJjr8iJnNFTgnb5HV1kPIngwUkwcKVvUEn9LwqdqGhhT5y46nhAOCwO/bS+jXtDvuXkBWZjG33Nl6/UOF6tMTtZjwaYxim9tg1JhMvM0vWwxX6LyVacN6p2DNvrB8rtS1lN35TdAAAAFQCfEmp/auPvGyVxd4QJU30OEpFKdwAAAIAhZY2qc4KZwPfX1L8I2jj8nQcwWdSpQDX7DibI48kJu4qHxcPEXzv+mxodrf1PmVY/+FQj6MaSrbFeL98vXMBuAc4RPEHPdwxDdAalzilNP2ULxTPDsgwM9se6ZAFYlKJqlnELbBXpxxKkuVClUi8+KmrPwFey9wBY4Kk17wDlaQAAAIAqfxN5ZA7PrzS/MFX1e9pXlcLzs1/qqWBqCrZn78oQXxoPGVTXGnYXQDZgzpqAuUc8vNora4qb1uQVPaj+I+J8agjr2i4Z7vk14wl2uOvcXlI645zdCxnehla+TLIb8uh34Gg2OHfSVKbd5e7/Jvfty6yrb+Tv/iZ5CUMawT9bkQ== chcsouza@service0
'
debug3: key_read: type mismatch
debug2: user_key_allowed: check options: 'ssh-dss AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f chcsouza@service0
'
debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f'
debug3: key_read: missing keytype
debug2: user_key_allowed: advance: 'AAAAB3NzaC1kc3MAAACBALyRyXEMBmxTMmkXHxr5uSoqPAjjzV6A/NwBiBbp/r+lduSNCGh5Y8sgpgad29nSjBlpSMGkK+fIs4on94Af6mHNIrjD3O10Wnjnb3v9alqvTChtRP8PoZVpPoGEhtWlcLCfT8NkVN4VgEEgCAS1LFjoLrMrCyf9qOfmbd6Mv6fHAAAAFQD32izmF8FPlwtZLyveSNl0O+IpUwAAAIEAq6qk4jTbO0BTcOyOZu4rRFU/Fbe1sZjSmDW43j+yYEoYdDNkkRzzANjZ6nz28oshAtGYGW3mS1DEGEOjorXqh5FemUd+O0zErjHwT8gyO802GuUWUkLCiBTMmVCGG/W7B3mmnADpiA920cwYJ5j7kPwY8rWqBZnF6Iq85BZKufEAAACBAJcs39IuaBeU0NF8klAZLTMsmEZWi4SodhLRRjvlxFEHeFzeAfFyL9qsZMKoP3/ygu4ZzWBSStY3UxTq70GYpmrgCrU/BVEnrOsX09xbEGh50F7ibS3+bhz9qJlHfvbSSstgbuheO6EKRzPryyfhwvDveHyTMV+xPUSRZ4Ujot6f chcsouza@service0
'
debug1: matching key found: file /home/chcsouza/.ssh/authorized_keys2, line 6
Found matching RSA key: 00:1a:4c:9c:2b:63:34:5d:db:fb:8d:33:da:52:06:0c
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7fffedd2b740 is allowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug3: mm_key_verify entering
debug3: mm_request_send entering: type 23
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY
debug3: mm_request_receive_expect entering: type 24
debug3: monitor_read: checking request 23
debug3: mm_request_receive entering
debug1: ssh_rsa_verify: signature correct
debug3: mm_answer_keyverify: key 0x7fffedd2b720 signature verified
debug3: mm_request_send entering: type 24
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 51
debug3: mm_request_receive_expect entering: type 52
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 9 (Authentication service cannot retrieve authentication info)
debug3: mm_request_send entering: type 52
Failed publickey for chcsouza from 172.23.0.3 port 42046 ssh2
debug3: mm_do_pam_account returning 0
Access denied for user chcsouza by PAM account configuration
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 80
debug3: mm_request_receive_expect entering: type 81
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_request_send entering: type 81
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
                                                           [FAILED]

有任何想法吗?

[已编辑]

系统认证文件

root@service1:~# cat /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
password required pam_deny.so
session  optional pam_keyinit.so revoke
session  required pam_limits.so
session  [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session  required pam_unix.so

答案1

我会发现线在 RedHat 门户上描述了您的情况。您可以尝试删除提到的 PAM 模块,或者尝试运行authconfig --updateauthconfig --updateall,如那里所述。

相关内容