linux系統(tǒng)用戶ssh遠程登錄成功本地登錄失敗的問題

qqjb

我有2臺服務器，操作系統(tǒng)redhat6.1，通過ssh遠程訪問以oracle、root用戶均能ssh連接，但接顯示器本地登錄oracle用戶則失敗，root登錄正常。
以下為本地登錄時通過遠程主機查看secure日志的輸出，請大家?guī)头治鱿率鞘裁丛�因，謝謝！

210
oracle失敗
[root@linux-01 ~]# tail -f /var/log/secure
Nov 14 17:26:11 linux-01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 14 17:26:12 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 14 17:26:14 linux-01 su: pam_unix(su-l:session): session closed for user oracle
Nov 14 17:26:27 linux-01 sshd[5550]: Accepted password for oracle from 192.168.0.219 port 52867 ssh2
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit type '??????soft'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit item '????'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit type '??????soft'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit item '????'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Nov 14 17:26:44 linux-01 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit type '??????soft'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit item '????'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit type '??????soft'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit item '????'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_unix(gdm-password:session): session opened for user oracle by (uid=0)
Nov 14 17:27:02 linux-01 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:27:23 linux-01 pam: gdm-password[5063]: pam_unix(gdm-password:session): session closed for user oracle
Nov 14 17:27:25 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.40 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

root 可行
Nov 14 17:28:42 linux-01 pam: gdm-password[5857]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
Nov 14 17:28:42 linux-01 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.40, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:28:44 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.55 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)


211
oracle 失敗
Nov 14 17:20:09 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:20:31 linux-02 pam: gdm-password[4798]: pam_unix(gdm-password:session): session closed for user oracle
Nov 14 17:20:33 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.42 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

root 成功
Nov 14 17:21:24 linux-02 pam: gdm-password[10825]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
Nov 14 17:21:24 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.42, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:21:25 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.52 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

jerryjzm

"但接顯示器本地登錄oracle用戶則失敗，root登錄正常。"

有疑問，既然oracle登錄失敗，那你先前有用oracle本地登錄過嗎？

給出
cat /etc/pam.d/gdm
結(jié)果

qqjb

安裝系統(tǒng)時只有root用戶，配置IP都是本地配置的，oracle用戶是后來遠程添加的
cat /etc/pam.d/gdm
#%PAM-1.0
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth       required    pam_succeed_if.so user != root quiet
auth       required    pam_env.so
auth       substack    system-auth
auth       optional    pam_gnome_keyring.so
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    required    pam_selinux.so close
session    required    pam_loginuid.so
session    optional    pam_console.so
session    required    pam_selinux.so open
session    optional    pam_keyinit.so force revoke
session    required    pam_namespace.so
session    optional    pam_gnome_keyring.so auto_start
session    include     system-auth

jerryjzm

你本地登錄是用圖形還是字符界面的？

通過，
auth       required    pam_succeed_if.so user != root quiet
這一行，你默認應該是root無法通過圖形界面登錄的。

qqjb

你本地登錄是用圖形還是字符界面的？

通過，
auth       required    pam_succeed_if.so user != root  ...
jerryjzm 發(fā)表于 2011-11-15 15:15

本地登錄時圖形界面登錄，root可以 oracle不行
而且我切換到字符界面用root登錄，每當輸完用戶密碼后他又跳回到登錄提示符login:這里了

chenyx

樓主ssh上去,新建一個用普通用戶,然后本地圖形登陸下看看

qqjb

在系統(tǒng)原來也有一個ruuy用戶，本地登錄也失敗
添加一個test用戶本地登錄也失敗，以下日志
Nov 24 14:59:05 linux-02 pam: gdm-password[8027]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ruuy
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit type '　　　soft'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit item '　　'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit type '　　　soft'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit item '　　'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_unix(gdm-password:session): session opened for user oracle by (uid=0)
Nov 24 15:02:55 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:03:17 linux-02 pam: gdm-password[11351]: pam_unix(gdm-password:session): session closed for user oracle
Nov 24 15:03:19 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.64 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 24 15:04:11 linux-02 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)
Nov 24 15:04:48 linux-02 useradd[19874]: new group: name=test, GID=536
Nov 24 15:04:48 linux-02 useradd[19874]: new user: name=test, UID=534, GID=536, home=/home/test, shell=/bin/bash
Nov 24 15:04:56 linux-02 passwd: pam_unix(passwd:chauthtok): password changed for test
Nov 24 15:04:56 linux-02 passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
Nov 24 15:05:17 linux-02 pam: gdm-password[17975]: pam_unix(gdm-password:session): session opened for user test by (uid=0)
Nov 24 15:05:17 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.64, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:05:19 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.82 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 24 15:06:25 linux-02 su: pam_unix(su-l:session): session closed for user root
Nov 24 15:06:42 linux-02 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)

Broadcast message from oracle@linux-02
        (/dev/pts/1) at 15:18 ...

The system is going down for reboot NOW!
Nov 24 15:18:24 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.82, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:26 linux-02 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 24 15:18:30 linux-02 su: pam_unix(su-l:session): session closed for user oracle
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:30 linux-02 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 24 15:18:39 linux-02 su: pam_unix(su-l:session): session closed for user oracle
Nov 24 15:18:54 linux-02 sshd[3558]: Received signal 15; terminating.

qqjb

沒人遇到過這種問題嗎

鳥哥のlinux

Xhost +

qqjb

Xhost +
鳥哥のlinux 發(fā)表于 2011-11-28 13:22

現(xiàn)在根據(jù)你的方法測試可以登錄了，:wink:
現(xiàn)在的疑問是這個設置是永久的嗎，通過該命令可解決那本質(zhì)的原因是什么呢，是pam或哪里限制的嗎

還有我本地以root在字符界面登錄，老是又回到login的地方也是類似問題嗎，有解決辦法嗎