【问题解决】终端不能登陆，只能用SSH，为什么？

very263

/etc/pam.d

1. #%PAM-1.0
   
2. auth                sufficient        pam_rootok.so
   
3. # Uncomment the following line to implicitly trust users in the "wheel" group.
   
4. #auth                sufficient        pam_wheel.so trust use_uid
   
5. # Uncomment the following line to require a user to be in the "wheel" group.
   
6. auth                required        pam_wheel.so use_uid
   
7. auth                include                system-auth
   
8. account                sufficient        pam_succeed_if.so uid = 0 use_uid quiet
   
9. account                include                system-auth
   
10. password        include                system-auth
    
11. session                include                system-auth
    
12. session                optional        pam_xauth.so
    
13. auth            sufficient      pam_rootok.so debug
    
14. auth            required        pam_wheel.so group=wheel

复制代码

/etc/pam.d

1. #%PAM-1.0
   
2. auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
   
3. auth       include      system-auth
   
4. account    required     pam_nologin.so
   
5. account    include      system-auth
   
6. password   include      system-auth
   
7. # pam_selinux.so close should be the first session rule
   
8. session    required     pam_selinux.so close
   
9. session    include      system-auth
   
10. session    required     pam_loginuid.so
    
11. session    optional     pam_console.so
    
12. # pam_selinux.so open should only be followed by sessions to be executed in the user context
    
13. session    required     pam_selinux.so open
    
14. session    optional     pam_keyinit.so force revoke
    
15. session required /lib/security/pam_limits.so

复制代码

/etc/passwd

1. root:x:0:0:root:/root:/bin/bash
   
2. bin:x:1:1:bin:/bin:/sbin/nologin
   
3. daemon:x:2:2:daemon:/sbin:/sbin/nologin
   
4. #adm:x:3:4:adm:/var/adm:/sbin/nologin
   
5. #lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
   
6. #sync:x:5:0:sync:/sbin:/bin/sync
   
7. #shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
   
8. #halt:x:7:0:halt:/sbin:/sbin/halt
   
9. #mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
   
10. #news:x:9:13:news:/etc/news:
    
11. #uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    
12. #operator:x:11:0:operator:/root:/sbin/nologin
    
13. #games:x:12:100:games:/usr/games:/sbin/nologin
    
14. #gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
    
15. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    
16. nobody:x:99:99:Nobody:/:/sbin/nologin
    
17. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
    
18. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    
19. dbus:x:81:81:System message bus:/:/sbin/nologin
    
20. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
    
21. Fing:x:500:500::/home/Fing:/bin/bash
    
22. apache:x:48:48:Apache:/var/www:/sbin/nologin
    
23. mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
    
24. webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin

复制代码

/etc/ssh/sshd_config

1. #        $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
   
2. 
   
3. # This is the sshd server system-wide configuration file.  See
   
4. # sshd_config(5) for more information.
   
5. 
   
6. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
   
7. 
   
8. # The strategy used for options in the default sshd_config shipped with
   
9. # OpenSSH is to specify options with their default value where
   
10. # possible, but leave them commented.  Uncommented options change a
    
11. # default value.
    
12. 
    
13. Port 19266
    
14. #Protocol 2,1
    
15. Protocol 2
    
16. #AddressFamily any
    
17. ListenAddress 192.168.1.2
    
18. #ListenAddress ::
    
19. 
    
20. # HostKey for protocol version 1
    
21. #HostKey /etc/ssh/ssh_host_key
    
22. # HostKeys for protocol version 2
    
23. #HostKey /etc/ssh/ssh_host_rsa_key
    
24. #HostKey /etc/ssh/ssh_host_dsa_key
    
25. 
    
26. # Lifetime and size of ephemeral version 1 server key
    
27. #KeyRegenerationInterval 1h
    
28. ServerKeyBits 1024
    
29. 
    
30. # Logging
    
31. # obsoletes QuietMode and FascistLogging
    
32. #SyslogFacility AUTH
    
33. SyslogFacility AUTHPRIV
    
34. #LogLevel INFO
    
35. 
    
36. # Authentication:
    
37. 
    
38. #LoginGraceTime 2m
    
39. PermitRootLogin no
    
40. #StrictModes yes
    
41. #MaxAuthTries 6
    
42. 
    
43. #RSAAuthentication yes
    
44. #PubkeyAuthentication yes
    
45. #AuthorizedKeysFile        .ssh/authorized_keys
    
46. 
    
47. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    
48. #RhostsRSAAuthentication no
    
49. # similar for protocol version 2
    
50. #HostbasedAuthentication no
    
51. # Change to yes if you don't trust ~/.ssh/known_hosts for
    
52. # RhostsRSAAuthentication and HostbasedAuthentication
    
53. #IgnoreUserKnownHosts no
    
54. # Don't read the user's ~/.rhosts and ~/.shosts files
    
55. #IgnoreRhosts yes
    
56. 
    
57. # To disable tunneled clear text passwords, change to no here!
    
58. #PasswordAuthentication yes
    
59. #PermitEmptyPasswords no
    
60. PasswordAuthentication yes
    
61. 
    
62. # Change to no to disable s/key passwords
    
63. #ChallengeResponseAuthentication yes
    
64. ChallengeResponseAuthentication no
    
65. 
    
66. # Kerberos options
    
67. #KerberosAuthentication no
    
68. #KerberosOrLocalPasswd yes
    
69. #KerberosTicketCleanup yes
    
70. #KerberosGetAFSToken no
    
71. 
    
72. # GSSAPI options
    
73. #GSSAPIAuthentication no
    
74. GSSAPIAuthentication yes
    
75. #GSSAPICleanupCredentials yes
    
76. GSSAPICleanupCredentials yes
    
77. 
    
78. # Set this to 'yes' to enable PAM authentication, account processing,
    
79. # and session processing. If this is enabled, PAM authentication will
    
80. # be allowed through the ChallengeResponseAuthentication mechanism.
    
81. # Depending on your PAM configuration, this may bypass the setting of
    
82. # PasswordAuthentication, PermitEmptyPasswords, and
    
83. # "PermitRootLogin without-password". If you just want the PAM account and
    
84. # session checks to run without PAM authentication, then enable this but set
    
85. # ChallengeResponseAuthentication=no
    
86. #UsePAM no
    
87. UsePAM no
    
88. 
    
89. # Accept locale-related environment variables
    
90. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    
91. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    
92. AcceptEnv LC_IDENTIFICATION LC_ALL
    
93. #AllowTcpForwarding yes
    
94. #GatewayPorts no
    
95. #X11Forwarding no
    
96. X11Forwarding yes
    
97. #X11DisplayOffset 10
    
98. #X11UseLocalhost yes
    
99. #PrintMotd yes
    
100. #PrintLastLog yes
     
101. #TCPKeepAlive yes
     
102. #UseLogin no
     
103. #UsePrivilegeSeparation yes
     
104. #PermitUserEnvironment no
     
105. #Compression delayed
     
106. #ClientAliveInterval 0
     
107. #ClientAliveCountMax 3
     
108. #ShowPatchLevel no
     
109. #UseDNS yes
     
110. #PidFile /var/run/sshd.pid
     
111. #MaxStartups 10
     
112. #PermitTunnel no
     
113. 
     
114. # no default banner path
     
115. #Banner /some/path
     
116. 
     
117. # override default of no subsystems
     
118. Subsystem        sftp        /usr/libexec/openssh/sftp-server

复制代码

/etc/securetty

1. console
   
2. vc/1
   
3. vc/2
   
4. vc/3
   
5. vc/4
   
6. vc/5
   
7. vc/6
   
8. vc/7
   
9. vc/8
   
10. vc/9
    
11. vc/10
    
12. vc/11
    
13. tty1
    
14. #tty2
    
15. #tty3
    
16. #tty4
    
17. #tty5
    
18. #tty6
    
19. #tty7
    
20. #tty8
    
21. #tty9
    
22. #tty10
    
23. #tty11

复制代码

曾执行了

1. # chattr +i /etc/passwd
   
2. # chattr +i /etc/shadow
   
3. # chattr +i /etc/group
   
4. # chattr +i /etc/gshadow

复制代码

1. # rm -f /etc/issue
   
2. # rm -f /etc/issue.net
   
3. # touch /etc/issue
   
4. # touch /etc/issue.net

复制代码

1. # chmod -R 700 /etc/rc.d/init.d/*

复制代码

红色是我修改过的，但是我恢复了还是不行的。
命令也是恢复过的，这种情况我之前也出现过，但是我重安装了系统，我还是照样设置，但是也是出现，问题现在是，我根本不知道产生这结果是那一步产生的，麻烦了。。。

[ 本帖最后由 very263 于 2009-5-14 14:00 编辑 ]

very263

我是在红旗4.0桌面版后，不记得那时候的redhat是几版了，就没有接触过linux的系统了，安装centos 5.3也是上个月中开始的，到现在，我安装的系统不下30次。已经烦了，今次难道又要再次安装，但是安装后由于不是很清楚，也是按照一些网上教程来做的，出现这种情况根本就不知道是哪一步。所以恳请及麻烦各位好好给我看看了，小弟先谢了。

very263

/var/log/secure


May 14 14:09:44 localhost login: Module is unknown
May 14 14:09:47 localhost login: PAM unable to dlopen(/lib/security/pam_limits.so)
May 14 14:09:47 localhost login: PAM [error: /lib/security/pam_limits.so: wrong ELF class: ELFCLASS32]
May 14 14:09:47 localhost login: PAM adding faulty module: /lib/security/pam_limits.so
May 14 14:09:55 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 14 14:09:55 localhost login: Module is unknown
May 14 14:09:57 localhost login: PAM unable to dlopen(/lib/security/pam_limits.so)
May 14 14:09:57 localhost login: PAM [error: /lib/security/pam_limits.so: wrong ELF class: ELFCLASS32]
May 14 14:09:57 localhost login: PAM adding faulty module: /lib/security/pam_limits.so
May 14 14:10:02 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 14 14:10:03 localhost login: Module is unknown
May 14 14:10:06 localhost login: PAM unable to dlopen(/lib/security/pam_limits.so)
May 14 14:10:06 localhost login: PAM [error: /lib/security/pam_limits.so: wrong ELF class: ELFCLASS32]
May 14 14:10:06 localhost login: PAM adding faulty module: /lib/security/pam_limits.so
May 14 14:10:12 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=Fing
May 14 14:10:14 localhost login: FAILED LOGIN 1 FROM (null) FOR Fing, Authentication failure
May 14 14:10:22 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=root
May 14 14:10:24 localhost login: FAILED LOGIN 2 FROM (null) FOR root, Authentication failure
May 14 14:10:33 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 14 14:10:33 localhost login: Module is unknown

发现了这些，想必就是问题所在了，但是问题怎么解决呢？

very263

哈哈，找到了，原来是
在/etc/pam.d/login
里面
session required /lib/security/pam_limits.so

由于我是安装的64位系统，而加载的是32位的pam_limits.so,所以问题就出现了，

一下修改在/etc/pam.d/login

session required /lib64/security/pam_limits.so

问题解决

谢谢大家，没有大家的热心我也想不起看/var/log/secure，谢了！

lydongkill

我也遇到这个问题了， 郁闷了好几天，今天腾出时间在网上搜了半天，都没有解决，还是cu上看到你的帖子，太感谢你了！！！

zhj1011

回复 14# very263


学习了 呵呵

tomasea

回复 14# very263


    呵呵，不错

islandstar

哈哈，找到了，原来是
在/etc/pam.d/login
里面
session required /lib/security/pam_limits.so

由于 ...
very263 发表于 2009-05-14 14:22

    谢谢了！！
原来64位不同了呀。。。

tlinle

一个六年前的帖子解决了困扰我好久的问题 。。。。。 谢谢