今天客户反映一个问题,ssh不上自己的服务器了,进机房RedHat Linux本地登录(3级别)的时候发现输入root敲回车的时候出现如下提示:
Your account is locked.Maximum amount of failed attempts was reached.
好说,单用户模式下
pam_tally2 -u root (faillog -u root)显示root用户登录失败记录的次数
pam_tally2 -u root -r (faillog -u root -r)将登录错误数重置为0
然后重启(5级别模式下)输入用户名密码,提示Authontication failed.
继续单用户模式
authconfig --disableldap --update
顺便 vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth requeired pam_tally2.so deny=5 lock_time=30 even_deny_root root_unlock_time=30
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_au
thtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session required pam_unix.so
罪魁祸首就是红色字体那一行,请将红色字体前面加个#
所有问题都解决,系统用户可以正常登陆。
