Unlock a user account on an AWS-hosted Ubuntu server with only file-system access
I launched an AWS instance from one of the Ubuntu Server AMIs, logged in successfully with the default user (ubuntu) and the key file, installed some things, added some users, disconnected and forgot about it for a few weeks.
Today I found that I can no longer ssh into it, using the same credentials that worked fine the first time:
    $ ssh -i ~/path/key.pem ubuntu@1.2.3.4
    Connection closed by 1.2.3.4 port 22
    $ ssh -v -i ~/path/key.pem ubuntu@1.2.3.4
    OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
    debug1: Connection established.
    debug1: key_load_public: No such file or directory
    debug1: identity file /path/key.pem type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /path/key.pem-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
    debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to 1.2.3.4:22 as 'ubuntu'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:a/4u6R0qGP4SviSke0OWOOIaSjqymNvexBZDJ+yoOXc
    debug1: Host '1.2.3.4' is known and matches the ECDSA host key.
    debug1: Found key in /home/user/.ssh/known_hosts:45
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: RSA SHA256:nd8gr8BrgC88h1hobmvdNMHOWNmWukYc4L0SJswVolk user@host
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: /path/key.pem
    Connection closed by 1.2.3.4 port 22
So I stopped the instance, detached the volume, and attached the volume to an instance I was able to log in to. This allowed me to mount the volume, access the files and study the ssh configuration and logs.
This is how I found out that the user account had been locked for some reason:
    $ cd /path/to/mounted/volume
    $ tail var/log/auth.log
    Mar 15 13:10:24 sshd[1145]: Server listening on 0.0.0.0 port 22.
    Mar 15 13:10:24 sshd[1145]: Server listening on :: port 22.
    Mar 15 13:14:09 sshd[1430]: User ubuntu not allowed because account is locked
    Mar 15 13:17:01 CRON[1440]: pam_unix(cron:session): session opened for user root by (uid=0)
    Mar 15 13:17:01 CRON[1440]: pam_unix(cron:session): session closed for user root
    Mar 15 13:26:07 sshd[1473]: User another_user not allowed because account is locked
    Mar 15 13:26:07 sshd[1473]: Connection closed by invalid user another_user 212.93.116.117 port 36868 [preauth]
    Mar 15 13:27:42 sshd[1475]: Bad protocol version identification '\377\364\377\375\006\033\033' from 212.93.116.117 port 36872
    Mar 15 13:28:05 sshd[1476]: User ubuntu not allowed because account is locked
    Mar 15 13:36:37 sshd[1145]: Received signal 15; terminating.
When I created another_user and set up key authentication, disabling ssh password login, I forgot to give it a non-empty password. So that is probably why that user got locked. Anyway, I am now looking for a way to unlock the user ubuntu, at least temporarily, to see whether that fixes the ssh access problem. However, as you can see, I cannot use system commands; I need to be able to do it by editing system files directly.
Changing one character in one file was enough to let the user ubuntu log in again:

    $ cd /path/to/mounted/volume
    $ sudo nano etc/shadow
    # Search for the row that starts with "ubuntu:!"
    # Change the "!" to "*", save, exit
After re-attaching the volume to the broken instance and starting it, it is now possible to log in normally with the user ubuntu. I still have no idea why this user got locked automatically. As for the other user I created, I assume it was locked because its password was empty, but I have no reference to prove it.
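The answer above hinges on what the second field of an /etc/shadow entry means to sshd: a field beginning with "!" marks the account as locked, and on Linux builds OpenSSH then refuses every authentication method, including public key, logging exactly the "User ... not allowed because account is locked" line seen in auth.log. A field of "*" is not a valid hash either, so password login stays impossible, but the account is not locked and key-based login works. The following audit script is an added example, not code from the question or the answer; it parses constructed shadow-style lines (the sample below is made up, not copied from any host) and reports, per account, which state it is in and what the unlocked field would look like. Running it against a mounted volume's etc/shadow is the check a practitioner would want before editing anything by hand.

```python
"""Audit /etc/shadow-style entries for lock states that make sshd refuse logins.

Added example: constructed sample data, not taken from the original post.
"""

from dataclasses import dataclass
from typing import Dict, List

# Constructed sample shadow lines (hashes are dummies, not real credentials).
SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
ubuntu:!:19000:0:99999:7:::
another_user:!$6$saltsalt$hashhashhash:19010:0:99999:7:::
svc_backup:*:19010:0:99999:7:::
legacy:$6$saltsalt$hashhashhash:18000:0:99999:7:::
emptypw::19000:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    name: str
    password: str  # raw second field of the shadow line

    @property
    def sshd_locked(self) -> bool:
        # OpenSSH on Linux treats a leading "!" as "account locked" and rejects
        # all authentication methods, publickey included (the auth.log message
        # "User X not allowed because account is locked" comes from this check).
        return self.password.startswith("!")

    @property
    def empty_password(self) -> bool:
        return self.password == ""

    def state(self) -> str:
        """Human-readable classification of the password field."""
        if self.empty_password:
            return "empty password"
        if self.sshd_locked:
            # "!" alone: locked with no password ever set (useradd without -p).
            # "!<hash>": locked by passwd -l, original hash preserved after the "!".
            if self.password.lstrip("!") == "":
                return "locked, no password set"
            return "locked, password hash preserved"
        if self.password == "*":
            return "password login disabled, key login allowed"
        return "password hash set"


def parse_shadow(text: str) -> List[ShadowEntry]:
    """Parse shadow-format text into entries; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        entries.append(ShadowEntry(name=fields[0], password=fields[1]))
    return entries


def unlocked_field(password: str) -> str:
    """Return the password field as it would look after unlocking.

    Mirrors what the answer did by hand: a bare "!" becomes "*" (no password,
    but no longer locked); "!<hash>" has the "!" prefix removed, which is what
    `passwd -u` does. Fields that are not locked are returned unchanged.
    """
    if not password.startswith("!"):
        return password
    stripped = password.lstrip("!")
    return stripped if stripped else "*"


def audit(text: str) -> Dict[str, str]:
    """Map each account name to its classification."""
    return {entry.name: entry.state() for entry in parse_shadow(text)}


if __name__ == "__main__":
    for entry in parse_shadow(SAMPLE_SHADOW):
        flag = "LOCKED " if entry.sshd_locked else "       "
        print(f"{flag}{entry.name:14} {entry.state():45} -> {unlocked_field(entry.password)}")
```

To run it against a mounted volume, read etc/shadow (as root) and pass its contents to audit(); the accounts reported as "locked, ..." are the ones sshd will refuse regardless of the keys in authorized_keys, and the "empty password" case is worth flagging separately because it means password authentication, wherever it is enabled, succeeds with no password at all.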