passwd: Have exhausted maximum number of retries for servic

Scenario

  • After creating a new user, the password can usually be set once with a complex password; later changes then fail.
[root@paas-core01 ~]# echo 'xzhuaiweiedgewznjkxtXZ(^^)01' | passwd --stdin xz_tyng
Changing password for user xz_tyng.
passwd: all authentication tokens updated successfully.
[root@paas-core01 ~]#
[root@paas-core01 ~]# echo 'TyNgxzxzXXXJSBorale2' | passwd --stdin xz_tyng
Changing password for user xz_tyng.
passwd: Have exhausted maximum number of retries for service
[root@paas-core01 ~]#
[root@paas-core01 ~]# echo "TyNgxzxzXXXJSBorale2" | passwd --stdin xz_tyng
Changing password for user xz_tyng.
passwd: Have exhausted maximum number of retries for service
[root@paas-core01 ~]# echo root | passwd --stdin xz_tyng
Changing password for user xz_tyng.
passwd: Have exhausted maximum number of retries for service
[root@paas-core01 ~]#
  • Advice online says chpasswd can be used to change it instead; in my case that still did not work.
[root@paas-core01 ~]# echo xz_tyng:xz_tyng | chpasswd
BAD PASSWORD: is too simple
BAD PASSWORD: is too simple
BAD PASSWORD: is too simple
chpasswd: (user xz_tyng) pam_chauthtok() failed, error:
Have exhausted maximum number of retries for service
chpasswd: (line 1, user xz_tyng) password not changed
[root@paas-core01 ~]# echo xz_tyng:root123 |chpasswd
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: it is too simplistic/systematic
chpasswd: (user xz_tyng) pam_chauthtok() failed, error:
Have exhausted maximum number of retries for service
chpasswd: (line 1, user xz_tyng) password not changed
[root@paas-core01 ~]#

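Solution

Scenario 1

  • The situation above is caused by restrictions in /etc/pam.d/system-auth [for example password complexity rules]. The simplest fix is to find a healthy VM and copy the entire contents of its /etc/pam.d/system-auth into /etc/pam.d/system-auth on the affected VM. [This is not recommended in production, because compliance requirements modify /etc/pam.d/system-auth.]

  • Another case: confirm that the file attributes of /etc/passwd and /etc/shadow are fine; the normal state is shown below.
    If the i or a attribute is set, remove it, for example: chattr -i /etc/shadow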

[root@paas-core01 ~]# lsattr /etc/passwd /etc/shadow
--------------e----- /etc/passwd
--------------e----- /etc/shadow
[root@paas-core01 ~]#

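Once you have confirmed there are no extra attributes, read on.

Scenario 2 [catch-all method]

  • First, if /etc/pam.d/system-auth has been modified, make sure the password being set for the user is complex enough.
  • The error passwd: Have exhausted maximum number of retries for servic really means that the password you are setting has been used recently, so set a different one.
    The catch-all fix is to delete the passwords recorded for the user [same effect as deleting and recreating the user] and then set the password again.
  • The password history of all users is recorded in one file, /etc/security/opasswd. Empty it and set the password again, and the problem is almost always resolved.
    For example, here I deleted the xz_tyng line [delete it, then save with wq] and changed the password again, and the problem was solved.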
[root@paas-core01 ~]# cat /etc/security/opasswd
root:0:1:$6$vgdPSu0RskWF4aAu$kjSw4nhgzfxhg/LynRm2xEHb9YwfDYXv6f./64RNWaA6lmwmATGJ8apTvrMdO3n1yj7dt40Mc7Dh98woLrbbZ.
xz_tyng:5100:1:$6$eC9g3pG4mfaA5wyy$7dy0P.Sj2Ghtz2YenDBxmoIGW.QLYeXx0PFpjRBZl7zQLEBCpm4iUpcbUoIhklT2IRZsN2JhSSKarc7lIzgYY1
[root@paas-core01 ~]#
[root@paas-core01 ~]# echo 'xzhuaiweiedgewznjkxtTyNg(^^)1' |passwd --stdin xz_tyng
Changing password for user xz_tyng.
passwd: all authentication tokens updated successfully.
[root@paas-core01 ~]#
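
An added example, not part of the original post: a read-mostly check that shows which rules in the password stack apply (retry count, history depth) and how many old hashes are stored for one user, so that only that user's history line is touched instead of emptying the whole file. The function names are hypothetical and both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the PAM password stack and
# the per-user password history. Function names are hypothetical, both sample
# files are constructed; on a real host pass /etc/pam.d/system-auth and
# /etc/security/opasswd instead.

# Active (uncommented) "password" lines of a PAM service file.
pam_password_stack() {
    awk '$1 == "password" || $1 == "-password"' "$1"
}

# Value of one key=value option (retry, minlen, remember, ...) in that stack.
pam_option() {
    pam_password_stack "$1" | tr ' \t' '\n\n' |
        awk -F= -v k="$2" '$1 == k { print $2; exit }'
}

# Old hashes stored for a user; opasswd lines are user:uid:count:hash,hash,...
history_count() {
    awk -F: -v u="$2" '$1 == u { n = $3 } END { print n + 0 }' "$1"
}

# Remove one user's history line only, keeping a backup and the file's mode.
clear_history() (
    umask 077                      # the temp copy holds hashes: keep it private
    cp -p "$1" "$1.bak" &&
    awk -F: -v u="$2" '$1 != u' "$1" > "$1.tmp" &&
    cat "$1.tmp" > "$1" && rm -f "$1.tmp"
)

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/system-auth" <<'EOF'
#password   requisite   pam_cracklib.so retry=9
password    requisite   pam_pwquality.so try_first_pass retry=3 minlen=12 enforce_for_root
password    sufficient  pam_unix.so sha512 shadow use_authtok remember=5
password    required    pam_deny.so
EOF
cat > "$SAMPLE_DIR/opasswd" <<'EOF'
root:0:1:$6$CONSTRUCTEDSALT$constructedhashroot
xz_tyng:5100:2:$6$CONSTRUCTEDSALT$oldhash1,$6$CONSTRUCTEDSALT$oldhash2
EOF

echo "password stack:"; pam_password_stack "$SAMPLE_DIR/system-auth"
echo "retry=$(pam_option "$SAMPLE_DIR/system-auth" retry)" \
     "remember=$(pam_option "$SAMPLE_DIR/system-auth" remember)"
echo "old hashes for xz_tyng: $(history_count "$SAMPLE_DIR/opasswd" xz_tyng)"
```
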

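SSH login as a regular user is refused even though the password is correct

Error description and testing

  • First, this is a customized system: the VM was created from an image supplied by the user.

  • When I log in as a regular user with an SSH client tool, it fails [the same behavior as a wrong password].

  • Test
    Inside the VM, I can switch to this user with su from a regular user, which proves the password is fine.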

[root@paas-core01 ~]# su - xz_tyng
Last login: Thu Feb 16 17:17:51 CST 2023 on pts/1
Last failed login: Thu Feb 16 17:29:27 CST 2023 from 4.5.201.126 on ssh:notty
There were 5 failed login attempts since the last successful login.
[xz_tyng@paas-core01 ~]$ su - xz_tyng
Password:
Last login: Thu Feb 16 17:29:30 CST 2023 on pts/1
Last failed login: Thu Feb 16 17:29:30 CST 2023 from 4.5.201.126 on ssh:notty
There was 1 failed login attempt since the last successful login.
[xz_tyng@paas-core01 ~]$

Error in the logs

  • Check the logs
    In one window run tail -f /var/log/messages, then open a new window and log in as that user again.
[root@paas-core01 ~]# tail -f /var/log/messages
Feb 16 17:35:18 paas-core01 sshd[57466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.183.225  user=xz_tyng
Feb 16 17:35:21 paas-core01 sshd[57466]: Failed password for invalid user xz_tyng from 1.2.183.225 port 62640 ssh2
Feb 16 17:35:30 paas-core01 sshd[57466]: error: Received disconnect from 1.2.183.225 port 62640:0:  [preauth]
Feb 16 17:35:30 paas-core01 sshd[57466]: Disconnected from invalid user xz_tyng 1.2.183.225 port 62640 [preauth]
Feb 16 17:35:59 paas-core01 su[59454]: (to paas) paas on pts/1
Feb 16 17:35:59 paas-core01 su[59454]: pam_unix(su-l:session): session opened for user paas(uid=1000) by paas(uid=0)
Feb 16 17:36:06 paas-core01 su[59663]: (to xz_tyng) paas on pts/1
Feb 16 17:36:06 paas-core01 su[59663]: pam_unix(su-l:session): session opened for user xz_tyng(uid=5100) by paas(uid=1000)
Feb 16 17:37:10 paas-core01 su[59663]: pam_unix(su-l:session): session closed for user xz_tyng
Feb 16 17:37:11 paas-core01 su[59454]: pam_unix(su-l:session): session closed for user paas
Feb 16 17:37:34 paas-core01 sshd[63415]: User xz_tyng from 1.2.183.225 not allowed because not listed in AllowUsers
Feb 16 17:37:37 paas-core01 sshd[63415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.183.225  user=xz_tyng
Feb 16 17:37:39 paas-core01 sshd[63415]: Failed password for invalid user xz_tyng from 1.2.183.225 port 59219 ssh2
Feb 16 17:37:51 paas-core01 sshd[63415]: error: Received disconnect from 1.2.183.225 port 59219:0:  [preauth]
Feb 16 17:37:51 paas-core01 sshd[63415]: Disconnected from invalid user xz_tyng 1.2.183.225 port 59219 [preauth]
Feb 16 17:38:47 paas-core01 sshd[1058]: Accepted password for paas from 1.2.183.225 port 64970 ssh2
Feb 16 17:38:47 paas-core01 sshd[1058]: pam_unix(sshd:session): session opened for user paas(uid=1000) by (uid=0)
^C
[root@paas-core01 ~]#
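  • The log shows Failed password for invalid user xz_tyng from 1.2.183.225 port 62640 ssh2
    The SSH login is reported as invalid user. That looks absurd: the user can be switched to inside the system, so how could it be invalid?

  • So now we know the cause: the SSH login is the problem, so the restriction must be in the SSH configuration file.
    Open /etc/ssh/sshd_config and check whether it contains AllowUsers [this is the line that restricts which users may log in].

Solution

  • Sure enough, this image is customized to allow only the users paas and sftpuser to log in; no other user can log in.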
[root@paas-core01 ~]# cat /etc/ssh/sshd_config | grep AllowUser
AllowUsers paas sftpuser
[root@paas-core01 ~]#
  • The fix is simple: add the regular user we created to that line, then restart the sshd service.
[root@paas-core01 ~]# cat /etc/ssh/sshd_config | grep AllowUser
AllowUsers paas sftpuser xz_tyng
[root@paas-core01 ~]#
[root@paas-core01 ~]# systemctl restart sshd
[root@paas-core01 ~]#
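
An added example, not part of the original post: sshd logs "invalid user" both for accounts that do not exist and for accounts refused by AllowUsers, so this sketch pairs each failure with the "not allowed because" line when one is present. The function name is hypothetical and the log lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example (not from the original post): tell apart the reasons behind
# failed sshd password logins. classify_ssh_failures is a hypothetical name and
# the log lines are constructed (documentation addresses), modelled on the
# /var/log/messages format shown above.

classify_ssh_failures() {   # usage: classify_ssh_failures LOGFILE
    awk '
    function field_after(word,    i) {        # field following the first WORD
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    / sshd\[[0-9]+\]: User .* not allowed because / {
        why = $0; sub(/.* not allowed because /, "", why)
        policy[field_after("User")] = why     # reason given by sshd itself
        next
    }
    / sshd\[[0-9]+\]: Failed password for invalid user / {
        invalid[field_after("user")] = 1; next
    }
    / sshd\[[0-9]+\]: Failed password for / {
        wrong[field_after("for")] = 1
    }
    END {
        for (u in policy)  print u ": refused by sshd policy (" policy[u] ")"
        for (u in invalid) if (!(u in policy)) {
            print u ": invalid user, no policy line in this log"
        }
        for (u in wrong)   print u ": password rejected for a permitted account"
    }' "$1" | sort
}

SSH_SAMPLE_LOG=$(mktemp)
cat > "$SSH_SAMPLE_LOG" <<'EOF'
Feb 16 17:37:34 host sshd[63415]: User xz_tyng from 192.0.2.10 not allowed because not listed in AllowUsers
Feb 16 17:37:39 host sshd[63415]: Failed password for invalid user xz_tyng from 192.0.2.10 port 59219 ssh2
Feb 16 17:38:02 host sshd[63500]: Failed password for invalid user nosuch from 192.0.2.10 port 59300 ssh2
Feb 16 17:38:20 host sshd[63600]: Failed password for paas from 192.0.2.10 port 59400 ssh2
Feb 16 17:38:47 host sshd[1058]: Accepted password for paas from 192.0.2.10 port 64970 ssh2
EOF

classify_ssh_failures "$SSH_SAMPLE_LOG"
```

After editing AllowUsers, sshd -t checks the configuration file for errors before the service is restarted.
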

su - root error

Error description

  • When a regular user runs su - to become root, it reports su: Authentication failure, as follows
[root@xz-ywbp-03 pam.d]# su - xz_tyng
Last login: Mon Nov  1 07:13:51 UTC 2021 from 10.233.201.126 on pts/0
[xz_tyng@xz-ywbp-03 ~]$ su -
Password:
[xz_tyng@xz-ywbp-03 ~]$ su -
Password:
su: Authentication failure
[xz_tyng@xz-ywbp-03 ~]$

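Solution

  • Here I only cover the case where compliance hardening prevents regular users from using su to become root.

    • 1. In /etc/pam.d/su look for the line below; if it is not commented out, comment it out [or add the users who need su to the wheel group]
      auth required pam_wheel.so use_uid
    • 2. Restore /etc/pam.d/system-auth. This file also places restrictions on users. The most direct method is to restore a previous backup of the file; if there is no backup, find a brand-new VM and copy that file's contents over [remember to back up the restricted file before doing this].
    • In general, after these two steps regular users can su to root. As shown below, the business team had applied restrictions that prevented regular users from using su to become root.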
[root@xz-ywbp-03 ~]# cd /etc/pam.d/
[root@xz-ywbp-03 pam.d]# ls
chfn  config-util  fingerprint-auth     login  passwd         password-auth-ac  postlogin     remote   runuser-l       smartcard-auth-ac  smtp.postfix  su    sudo-i  system-auth     system-auth_bak          system-auth.bak20221202  vlock
chsh  crond        fingerprint-auth-ac  other  password-auth  polkit-1          postlogin-ac  runuser  smartcard-auth  smtp               sshd          sudo  su-l    system-auth-ac  system-auth.bak20220118  systemd-user
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# cp su su.bak0519
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# vi su
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# # Only commented out auth required pam_wheel.so use_uid; still fails
[root@xz-ywbp-03 pam.d]# su - xz_tyng
Last login: Mon Nov  1 07:13:51 UTC 2021 from 10.233.201.126 on pts/0
[xz_tyng@xz-ywbp-03 ~]$ su -
Password:
[xz_tyng@xz-ywbp-03 ~]$ su -
Password:
su: Authentication failure
[xz_tyng@xz-ywbp-03 ~]$ logout
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# cp system-auth system-auth.bak0519
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# cp system-auth.bak system-auth
cp: cannot stat ‘system-auth.bak’: No such file or directory
[root@xz-ywbp-03 pam.d]#
[root@xz-ywbp-03 pam.d]# cp system-auth_bak system-auth
cp: overwrite ‘system-auth’? y
[root@xz-ywbp-03 pam.d]# # Restored the system-auth file; it works now
[root@xz-ywbp-03 pam.d]# su - xz_tyng
Last login: Fri May 19 15:49:02 UTC 2023 on pts/1
[xz_tyng@xz-ywbp-03 ~]$ su -
Password:
Last login: Fri May 19 15:47:39 UTC 2023 from 1.2.3.225 on pts/1
Last failed login: Fri May 19 15:49:15 UTC 2023 on pts/1
There were 2 failed login attempts since the last successful login.
[root@xz-ywbp-03 ~]#
  • If it still does not work after the steps above, check whether /etc/login.defs contains the line SU_WHEEL_ONLY yes. If it does, comment it out.
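
An added example, not part of the original post: a check of the wheel restriction from step 1 and of SU_WHEEL_ONLY that edits nothing, so you can see whether the user is simply missing from wheel before commenting anything out. The function names are hypothetical and the three sample files are constructed; it does not cover restrictions that come from system-auth.

```shell
#!/bin/sh
# Added example (not from the original post): check the wheel restriction on su
# without editing anything. Function names are hypothetical and the three sample
# files are constructed; on a real host pass /etc/pam.d/su, /etc/login.defs and
# /etc/group. Only supplementary members listed in the group file are checked.

# Exit 0 if an uncommented "auth required|requisite pam_wheel.so" rule exists.
wheel_gate_active() {
    awk '$1 == "auth" && $2 ~ /^(required|requisite)$/ && $3 ~ /pam_wheel\.so$/ { f = 1 }
         END { exit !f }' "$1"
}

# Exit 0 if login.defs has an uncommented "SU_WHEEL_ONLY yes".
su_wheel_only() {
    awk '$1 == "SU_WHEEL_ONLY" && $2 == "yes" { f = 1 } END { exit !f }' "$1"
}

# Exit 0 if USER ($2) is listed as a member of wheel in GROUP_FILE ($1).
in_wheel() {
    awk -F: -v u="$2" '$1 == "wheel" { n = split($4, m, ",")
             for (i = 1; i <= n; i++) if (m[i] == u) f = 1 }
         END { exit !f }' "$1"
}

# usage: su_verdict PAM_SU_FILE LOGIN_DEFS GROUP_FILE USER
su_verdict() {
    if ! wheel_gate_active "$1" && ! su_wheel_only "$2"; then
        echo "no wheel restriction configured"
    elif in_wheel "$3" "$4"; then
        echo "allowed: $4 is in wheel"
    else
        echo "blocked: wheel restriction active and $4 is not in wheel"
    fi
}

SU_SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_rootok.so' 'auth required pam_wheel.so use_uid' \
    'auth substack system-auth' > "$SU_SAMPLE_DIR/su"
printf '%s\n' '#SU_WHEEL_ONLY yes' > "$SU_SAMPLE_DIR/login.defs"
printf '%s\n' 'root:x:0:' 'wheel:x:10:paas' 'xz_tyng:x:5100:' > "$SU_SAMPLE_DIR/group"

for u in xz_tyng paas; do
    su_verdict "$SU_SAMPLE_DIR/su" "$SU_SAMPLE_DIR/login.defs" "$SU_SAMPLE_DIR/group" "$u"
done
```

Adding the account to wheel (usermod -aG wheel followed by the user name) keeps the restriction in place for every other account.
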
