經常遇到設置了ulimit參數之後,使用root 用戶su 到普通用戶發現ulimit已經生效,但是直接用普通用戶ssh登陸卻不生效的問題,這主要是ssh配置的問題。
解決方法如下:
首先查看ssh的版本,ssh -V
如果版本是7.3及以下:修改/etc/ssh/sshd_config中 UseLogin的值爲yes
UseLogin yes後,重啓sshd服務service sshd restart即可。
如果版本是7.4及以上,具體步驟如下:
1、修改/etc/ssh/sshd_config的UsePAM no爲UsePAM yes
2、修改/etc/pam.d/sshd以及/etc/pam.d/password-auth爲之前版本的文件。
具體文件內容如下:
/etc/pam.d/sshd.內容如下
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
/etc/pam.d/password-auth內容如下:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
3、重啓sshd
service sshd restart
做以上操作之前,最好開啓telnet服務,避免誤操作導致主機無法登陸。
開啓telnet服務步驟:https://blog.csdn.net/weixin_44723434/article/details/89004585