Permission denied, please try again.

来源：互联网发布：统一接口管理源码编辑：程序博客网时间：2024/04/29 07:38

linux centos6.5

当从一台机器执行scp的时候，报错：

报错的消息是没有权限，密码应该是正确的，也可以得到验证。

那么怎么会没有权限呢？我用的不是root用户，并且root用户也应该是有权限的。

查看服务器端的日志文件/var/log/secure，当输入密码后，报错信息如下：

sshd[27915]: Connection closed by xxxxxxx
sshd[27939]: pam_listfile(sshd:auth): Refused user oracle for service sshd
sshd[27939]: Failed password for oracle from xxxxx port 63581 ssh2

关键的错误是： pam_listfile(sshd:auth): Refused user oracle for service sshd

查看文件/etc/pam.d/sshd

这个东西没有研究过，也没有遇到过类似的错误，但是可以使用对比大发，找到一台正常的服务器，对比这两个文件

有错误的：

#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/sshusers-allowed onerr=fail
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

正常的：
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth

发现有错误的上面多了一行，注释掉这行，然后重启sshd服务试试：

# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]

好了。

上面/etc/sshusers-allowed文件的作用是只允许里面的用户连接ssh，是一种安全机制。

0 0