On CentOS 7, unable to su or ssh as anyone other than root

As of today, I can't seem to ssh or su as a local user on my CentOS 7 machine.

$ adduser ndejay
$ passwd ndejay
Changing password for user ndejay.
New password:
Retype new password:

$ su ndejay
su: failed to execute /bin/bash: Permission denied

$ ssh ndejay@localhost
ndejay@localhost's password:
Could not chdir to home directory /home/ndejay: Permission denied
/bin/bash: Permission denied
Connection to localhost closed.

I confirmed that the permissions are set correctly and that SELinux is disabled.

$ ls -ld /home /home/ndejay
drwxr-xr-t. 10 root   root   4096 Feb 27 18:13 /home
drwx------   2 ndejay ndejay   85 Feb 27 18:13 /home/ndejay

$ ls -ld /bin /usr/bin /usr/bin/bash
lrwxrwxrwx. 1 root root      7 Oct  1  2015 /bin -> usr/bin
dr-xr-xr-x. 2 root root  36864 Jan  9 17:51 /usr/bin
-rwxr-xr-x. 1 root root 960384 Mar  5  2015 /usr/bin/bash

$ getenforce
Disabled

$ tail /var/log/secure
Feb 27 18:13:28 fs01 su: pam_unix(su:session): session opened for user ndejay by (uid=0)
Feb 27 18:13:28 fs01 su: pam_sss(su:session): Request to sssd failed. Connection refused

I tried disabling sssd, but it didn't help:

$ authconfig --savebackup /root/230227-authconfig
$ authconfig --disablesssd --disablesssdauth --update

$ tail /var/log/secure
Feb 27 18:35:24 fs01 su: pam_unix(su:session): session opened for user ndejay by (uid=0)
Feb 27 18:35:24 fs01 su: pam_unix(su:session): session closed for user ndejay

Feb 27 18:40:25 fs01 sssd[14272]: Accepted password for ndejay from 172.21.13.11 port 53132 ssh2
Feb 27 18:40:25 fs01 sshd[14272]: pam_unix(sshd:session): session opened for user ndejay by (uid=0)
Feb 27 18:40:25 fs01 sshd[14344]: Received disconnect from 172.21.13.11: 11: disconnected by user
Feb 27 18:40:25 fs01 sshd[14272]: pam_unix(sshd:session): session closed for user ndejay

Any help would be greatly appreciated. Thanks! Nic

Edit 1: checking disk usage, as suggested by @Andrew Henle

$ df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/dev/mapper/centos-root                              222G  100G  123G  45% /
devtmpfs                                             7.8G     0  7.8G   0% /dev
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G   41M  7.7G   1% /run
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup
/dev/sdb1                                            4.7G  174M  4.5G   4% /boot
/dev/mapper/centos-home                               47G  122M   47G   1% /home
tmpfs                                                1.6G     0  1.6G   0% /run/user/0
tmpfs                                                1.6G     0  1.6G   0% /run/user/12002
$ df -i
Filesystem                                              Inodes    IUsed      IFree IUse% Mounted on
/dev/mapper/centos-root                              232411136  2806233  229604903    2% /
devtmpfs                                               2026378      497    2025881    1% /dev
tmpfs                                                  2028949        1    2028948    1% /dev/shm
tmpfs                                                  2028949      711    2028238    1% /run
tmpfs                                                  2028949       13    2028936    1% /sys/fs/cgroup
/dev/sdb1                                              4882432      337    4882095    1% /boot
/dev/mapper/centos-home                               48828416      889   48827527    1% /home
tmpfs                                                  2028949        1    2028948    1% /run/user/0
tmpfs                                                  2028949        1    2028948    1% /run/user/12002

Edit 2: looking at the verbose sshd logs, as suggested by @Andrew Henle

On the server:

$ /usr/sbin/sshd -ddd -p 222
...
Server listening on :: port 222.

On the client:

$ ssh -p 222 ndejay@fs01
Last login: Mon Feb 27 18:40:25 2023 from d1p-hydratm01.ldi.lan
debug3: mm_request_send entering: type 124
debug3: mm_request_receive_expect entering: type 125
debug3: mm_request_receive entering
debug3: Copy environment: XDG_SESSION_ID=2198
Environment:
  LANG=en_US.UTF-8
  USER=ndejay
  LOGNAME=ndejay
  HOME=/home/ndejay
  PATH=/usr/local/bin:/usr/bin
  MAIL=/var/mail/ndejay
  SHELL=/bin/bash
  ...
  SSH_TTY=/dev/pts/1
  TERM=xterm-256color
  XDG_SESSION_ID=2198
Could not chdir to home directory /home/ndejay: Permission denied
/bin/bash: Permission denied
Connection to fs01 closed.

On the server side (full log on pastebin):

Connection from 172.21.13.11 port 50449 on 172.21.13.10 port 222
...
Could not stat AuthorizedKeysCommand "/usr/bin/sss_ssh_authorizedkeys": Permission denied
...
debug1: Could not open authorized keys '/home/ndejay/.ssh/authorized_keys': Permission denied
...
Accepted password for ndejay from 172.21.13.11 port 51316 ssh2
...
/dev/pts/1: Permission denied
open /dev/tty failed - could not set controlling tty: Permission denied
...
Received disconnect from 172.21.13.11: 11: disconnected by user
