Shulou(Shulou.com)06/02 Report--

When I arrived at the company at about eight o'clock in the morning, the database of the internal and external network of the monitoring report turned red in an all-round way. looking at the red of the monitoring, I was particularly flustered.

Log on to the database to check one by one, and find that there is no alarm in the alert log, and you can log in through external sqldeveloper tools.

-there is no problem with the database

The port 1521 of ping and telnet database in the host of the monitor computer is normal.

-there is no problem with the monitoring host and database network

What went wrong?

Log in to the database host on ssh on the host of the monitoring computer, enter the password, prompt to change the password, after the password is repaired, log in in ssh, can not log on! The password is correct.

But it is possible to su through other users.

-there is a problem with ssh login

Then I found another account to try, and the result was the same.

After searching for a long time, I couldn't find a solution. Finally, I went to the mainframe engineer. It took the mainframe engineer more than an hour to find a solution.

Users root users log in to change the account password used by the monitoring

Pam_tally2-- user account

Pam_tally2-user account-reset

According to the host engineer, the account password expires and a failed status will be recorded after the login failure. even if the password is changed, you cannot log in with ssh. You need to reset the status.

This is the first time I've seen this order, and I'm a little ill-informed! So I learned the operations related to ssh.

1. It is forbidden to use root users directly to log in through SSH

Add the following configuration to the / etc/pam.d/sshd configuration file (this configuration forbids password authentication for SSH, but can still log in using the SSH key)

Auth required pam_securetty.so

2, configure sudo

Enable whell groups so that users who only belong to wheel groups can use the su command

The following configuration needs to be added to the / etc/pam.d/su configuration file:

Auth required pam_wheel.so use_uid

Add users to wheel

Usermod-a-G wheel username

Sudo visudo

Hmm ALL= (ALL) NOPASSWD: ALL

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.