经常遇到设置了ulimit参数之后,使用root 用户su 到普通用户发现ulimit已经生效,但是直接用普通用户ssh登陆却不生效的问题,这主要是ssh配置的问题。
解决方法如下:
首先查看ssh的版本,ssh -V
如果版本是7.3及以下:修改/etc/ssh/sshd_config中 UseLogin的值为yes
UseLogin yes后,重启sshd服务service sshd restart即可。
如果版本是7.4及以上,具体步骤如下:
1、修改/etc/ssh/sshd_config的UsePAM no为UsePAM yes
2、修改/etc/pam.d/sshd以及/etc/pam.d/password-auth为之前版本的文件。
具体文件内容如下:
/etc/pam.d/sshd.内容如下
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
/etc/pam.d/password-auth内容如下:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
3、重启sshd
service sshd restart
做以上操作之前,最好开启telnet服务,避免误操作导致主机无法登陆。
开启telnet服务步骤:https://blog.csdn.net/weixin_44723434/article/details/89004585