我使用 Ubuntu Server AMI 之一啟動了一個 AWS 實例,使用預設用戶 (ubuntu) 和密鑰檔案成功登錄,安裝了一些東西,添加了一些用戶,斷開連接並忘記了幾週。
今天我發現我無法再使用第一次使用的相同憑證進行 ssh 存取:
$ ssh -i ~/path/key.pem [email protected]
Connection closed by 1.2.3.4 port 22
$ ssh -v -i ~/path/key.pem [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /path/key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /path/key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 1.2.3.4:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:a/4u6R0qGP4SviSke0OWOOIaSjqymNvexBZDJ+yoOXc
debug1: Host '1.2.3.4' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:45
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:nd8gr8BrgC88h1hobmvdNMHOWNmWukYc4L0SJswVolk user@host
debug1: Authentications that can continue: publickey
debug1: Trying private key: /path/key.pem
Connection closed by 1.2.3.4 port 22
因此,我停止了該實例,分離了該卷,並將該卷附加到了我能夠登入的實例。這使我能夠掛載磁碟區、存取檔案並研究 ssh 配置和日誌。
這就是我發現用戶帳戶由於某種原因被鎖定的方式:
$ cd /path/to/mounted/volume
$ tail var/log/auth.log
Mar 15 13:10:24 sshd[1145]: Server listening on 0.0.0.0 port 22.
Mar 15 13:10:24 sshd[1145]: Server listening on :: port 22.
Mar 15 13:14:09 sshd[1430]: User ubuntu not allowed because account is locked
Mar 15 13:17:01 CRON[1440]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 15 13:17:01 CRON[1440]: pam_unix(cron:session): session closed for user root
Mar 15 13:26:07 sshd[1473]: User another_user not allowed because account is locked
Mar 15 13:26:07 sshd[1473]: Connection closed by invalid user another_user 212.93.116.117 port 36868 [preauth]
Mar 15 13:27:42 sshd[1475]: Bad protocol version identification '\377\364\377\375\006\033\033' from 212.93.116.117 port 36872
Mar 15 13:28:05 sshd[1476]: User ubuntu not allowed because account is locked
Mar 15 13:36:37 sshd[1145]: Received signal 15; terminating.
當我建立 another_user 並設定金鑰驗證、停用 ssh 密碼登入時,我忘記為其指定非空密碼。因此,這可能是該用戶被鎖定的原因。不管怎樣,我現在正在尋找一種方法來解鎖用戶 ubuntu,至少是暫時的,看看是否可以解決 ssh 存取問題。但是,如您所見,我無法使用系統命令,我需要能夠透過直接編輯系統檔案來完成此操作。
答案1
只需更改一個文件中的一個字元即可使用戶ubuntu再次登入:
$ cd /path/to/mounted/volume
$ sudo nano etc/shadow
# Searh for the row that starts with "ubuntu:!"
# Change the "!" to "*", save, exit
將磁碟區重新附加到損壞的執行個體並啟動後,現在可以使用 ubuntu 使用者正常登入。我仍然不知道為什麼該用戶會被自動鎖定。關於創建的其他用戶,我認為它被鎖定是因為它的密碼為空,但我沒有參考資料來證明這一點。