linux系统用户ssh远程登录成功本地登录失败的问题

qqjb

我有2台服务器，操作系统redhat6.1，通过ssh远程访问以oracle、root用户均能ssh连接，但接显示器本地登录oracle用户则失败，root登录正常。
以下为本地登录时通过远程主机查看secure日志的输出，请大家帮分析下是什么原因，谢谢！

210
oracle失败
[root@linux-01 ~]# tail -f /var/log/secure
Nov 14 17:26:11 linux-01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 14 17:26:12 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 14 17:26:14 linux-01 su: pam_unix(su-l:session): session closed for user oracle
Nov 14 17:26:27 linux-01 sshd[5550]: Accepted password for oracle from 192.168.0.219 port 52867 ssh2
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit type '??????soft'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit item '????'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit type '??????soft'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_limits(sshd:session): unknown limit item '????'
Nov 14 17:26:27 linux-01 sshd[5550]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Nov 14 17:26:44 linux-01 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit type '??????soft'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit item '????'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit type '??????soft'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_limits(gdm-password:session): unknown limit item '????'
Nov 14 17:27:02 linux-01 pam: gdm-password[5063]: pam_unix(gdm-password:session): session opened for user oracle by (uid=0)
Nov 14 17:27:02 linux-01 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:27:23 linux-01 pam: gdm-password[5063]: pam_unix(gdm-password:session): session closed for user oracle
Nov 14 17:27:25 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.40 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

root 可行
Nov 14 17:28:42 linux-01 pam: gdm-password[5857]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
Nov 14 17:28:42 linux-01 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.40, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:28:44 linux-01 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.55 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)


211
oracle 失败
Nov 14 17:20:09 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:20:31 linux-02 pam: gdm-password[4798]: pam_unix(gdm-password:session): session closed for user oracle
Nov 14 17:20:33 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.42 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

root 成功
Nov 14 17:21:24 linux-02 pam: gdm-password[10825]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
Nov 14 17:21:24 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.42, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 14 17:21:25 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.52 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)

jerryjzm

"但接显示器本地登录oracle用户则失败，root登录正常。"

有疑问，既然oracle登录失败，那你先前有用oracle本地登录过吗？

给出
cat /etc/pam.d/gdm
结果

qqjb

安装系统时只有root用户，配置IP都是本地配置的，oracle用户是后来远程添加的
cat /etc/pam.d/gdm
#%PAM-1.0
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth       required    pam_succeed_if.so user != root quiet
auth       required    pam_env.so
auth       substack    system-auth
auth       optional    pam_gnome_keyring.so
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    required    pam_selinux.so close
session    required    pam_loginuid.so
session    optional    pam_console.so
session    required    pam_selinux.so open
session    optional    pam_keyinit.so force revoke
session    required    pam_namespace.so
session    optional    pam_gnome_keyring.so auto_start
session    include     system-auth

jerryjzm

你本地登录是用图形还是字符界面的？

通过，
auth       required    pam_succeed_if.so user != root quiet
这一行，你默认应该是root无法通过图形界面登录的。

qqjb

你本地登录是用图形还是字符界面的？

通过，
auth       required    pam_succeed_if.so user != root  ...
jerryjzm 发表于 2011-11-15 15:15

本地登录时图形界面登录，root可以 oracle不行
而且我切换到字符界面用root登录，每当输完用户密码后他又跳回到登录提示符login:这里了

chenyx

楼主ssh上去,新建一个用普通用户,然后本地图形登陆下看看

qqjb

在系统原来也有一个ruuy用户，本地登录也失败
添加一个test用户本地登录也失败，以下日志
Nov 24 14:59:05 linux-02 pam: gdm-password[8027]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=ruuy
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit type '　　　soft'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit item '　　'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit type '　　　soft'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_limits(gdm-password:session): unknown limit item '　　'
Nov 24 15:02:55 linux-02 pam: gdm-password[11351]: pam_unix(gdm-password:session): session opened for user oracle by (uid=0)
Nov 24 15:02:55 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.21, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:03:17 linux-02 pam: gdm-password[11351]: pam_unix(gdm-password:session): session closed for user oracle
Nov 24 15:03:19 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.64 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 24 15:04:11 linux-02 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)
Nov 24 15:04:48 linux-02 useradd[19874]: new group: name=test, GID=536
Nov 24 15:04:48 linux-02 useradd[19874]: new user: name=test, UID=534, GID=536, home=/home/test, shell=/bin/bash
Nov 24 15:04:56 linux-02 passwd: pam_unix(passwd:chauthtok): password changed for test
Nov 24 15:04:56 linux-02 passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
Nov 24 15:05:17 linux-02 pam: gdm-password[17975]: pam_unix(gdm-password:session): session opened for user test by (uid=0)
Nov 24 15:05:17 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name :1.64, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:05:19 linux-02 polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.82 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030)
Nov 24 15:06:25 linux-02 su: pam_unix(su-l:session): session closed for user root
Nov 24 15:06:42 linux-02 su: pam_unix(su-l:session): session opened for user root by oracle(uid=501)

Broadcast message from oracle@linux-02
        (/dev/pts/1) at 15:18 ...

The system is going down for reboot NOW!
Nov 24 15:18:24 linux-02 polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.82, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.GB18030) (disconnected from bus)
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:26 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:26 linux-02 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 24 15:18:30 linux-02 su: pam_unix(su-l:session): session closed for user oracle
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit type '　　　soft'
Nov 24 15:18:30 linux-02 su: pam_limits(su-l:session): unknown limit item '　　'
Nov 24 15:18:30 linux-02 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
Nov 24 15:18:39 linux-02 su: pam_unix(su-l:session): session closed for user oracle
Nov 24 15:18:54 linux-02 sshd[3558]: Received signal 15; terminating.

qqjb

没人遇到过这种问题吗

鸟哥のlinux

Xhost +

qqjb

Xhost +
鸟哥のlinux 发表于 2011-11-28 13:22

现在根据你的方法测试可以登录了，:wink:
现在的疑问是这个设置是永久的吗，通过该命令可解决那本质的原因是什么呢，是pam或哪里限制的吗

还有我本地以root在字符界面登录，老是又回到login的地方也是类似问题吗，有解决办法吗