sudoers

sudoers

关注
发信
关注(28)粉丝(399)

ssh 和 sudo:pam_unix(sudo:auth):对话失败,auth 无法识别 [用户名] 的密码

本文介绍了ssh 和 sudo:pam_unix(sudo:auth):对话失败,auth 无法识别 [用户名] 的密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正面临一种奇怪的行为,试图通过 ssh 以 sudo 身份运行 rsync 并使用无密码登录.这是我用几十台服务器做的事情,我在连接到几个 Ubuntu 18.04.4 服务器时遇到了这个令人沮丧的问题

I'm facing a weird behavior trying to run rsync as sudo through ssh with passwordless login.This is something I do with dozens of servers, I'm having this frustrating problem connecting to a couple of Ubuntu 18.04.4 servers

前提

  1. 从 CLIENT 到 SERVER 的无密码 SSH 使用帐户 USER 工作不错

  1. the passwordless SSH from CLIENT to SERVER with account USER worksnicely

当我登录到 SERVER 时,我可以使用帐户用户

When I'm logged in SERVER I can sudo everything withaccount USER

在服务器上,我将以下内容添加到 /etc/sudoers

On SERVER I've added the following to /etc/sudoers

用户 ALL=NOPASSWD:/usr/bin/rsync

user ALL=NOPASSWD:/usr/bin/rsync

现在,如果我以用户 USER 从机器 CLIENT 启动这个简单的测试,我会收到以下 sudo 错误消息:

Now, if I launch this simple test from machine CLIENT as user USER, I receive the following sudo error message:

$ ssh [email protected] -p 2310 sudo rsync
sudo: no tty present and no askpass program specified

此外,查看服务器的 /var/log/auth.log 我发现了这个错误:

Moreover, looking in the SERVER's /var/log/auth.log I found this errors:

sudo: pam_unix(sudo:auth): conversation failed
sudo: pam_unix(sudo:auth): auth could not identify password for [user]

推荐答案

感谢 Centos,我找到了解决方案.事实上,由于 Centos 中 /etc/sudoers 的配置更复杂(与 Ubuntu 或 Debian 相比),我不得不将我的额外配置放在 /etc 中的外部文件中/sudoers.d/而不是将其直接放入 /etc/sudoers

I've found a solution thanks to Centos. Infact, because of the more complex configuration of /etc/sudoers in Centos (compared to Ubuntu or Debian), I've been forced to put my additional configurations to an external file in /etc/sudoers.d/ instead than putting it directly into /etc/sudoers

解决方案:

  1. 将其他配置直接放入/etc/sudoers 不起作用
  2. 将所需的附加设置放在目录 /etc/sudoers.d/将工作

例如,这些是放在名为 /etc/sudoers.d/my_config_file 的文件中的配置行:

e.g. , these are the config lines put in a file named /etc/sudoers.d/my_config_file:

Host_Alias MYSERVERHOST=192.168.1.135,localhost

# User that will execute Rsync with Sudo from a remote client
rsyncuser MYSERVERHOST=NOPASSWD:/usr/bin/rsync

为什么 /etc/sudoers 不起作用?即使经过两天的互联网搜索,我也不知道.我觉得这非常晦涩和可怕.

Why /etc/sudoers didn't work? It's unknown to me even after two days worth of Internet search. I find this very obscure and awful.

以下是这篇有用文章的引述:https://askubuntu.com/a/931207

What follows is a quote from this useful article: https://askubuntu.com/a/931207

/etc/sudoers不同,/etc/sudoers.d的内容在系统升级后仍然存在,因此最好在那里创建一个文件而不是修改/etc/sudoers.

Unlike /etc/sudoers, the contents of /etc/sudoers.d survive system upgrades, so it's preferrable to create a file there than to modify /etc/sudoers.

要编辑 sudo 使用的任何配置文件,最好使用命令 visudo.

For the editing of any configuration file to be used by sudo the command visudo is preferable.

$ sudo visudo -f /etc/sudoers.d/my_config_file

这篇关于ssh 和 sudo:pam_unix(sudo:auth):对话失败,auth 无法识别 [用户名] 的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-22 11:37
Powered by LMLPHP ©2024 sudoers 0.043253