Hi All,
I am facing a weird issue with CentOS8. I reset the password or create a new user or add a user to a group, I loose access to root user account. I have key auth for root user from my jump server, but that login error out with permission denied once this issue start.
A work around I found is reboot the server and wait for some time. Then I will be able to login as root or even sudo from a normal user to root. I checked messages and audit logs and can see only login failed errors similar to password incorrect. I am sure password is correct and key auth is working fine. Only login to root user has issue. Other users are fine.
Any leads?
Cannot ssh or sudo to root
Re: Cannot ssh or sudo to root
Read /var/log/secure.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Cannot ssh or sudo to root
Secure logs is as below. I see a message "Cannot create session: Already running in a session or user slice".
Code: Select all
Aug 31 11:19:56 servername sshd[8846]: Accepted publickey for username from jumpserverip port 41898 ssh2: RSA SHA256:blah/blahdd/bledff
Aug 31 11:19:56 servername systemd[8849]: pam_unix(systemd-user:session): session opened for user username by (uid=0)
Aug 31 11:19:56 servername sshd[8846]: pam_unix(sshd:session): session opened for user username by (uid=0)
Aug 31 11:19:57 servername sudo[8890]: username : TTY=pts/0 ; PWD=/home/username ; USER=root ; COMMAND=/bin/su -
Aug 31 11:19:57 servername sudo[8890]: pam_systemd(sudo:session): Cannot create session: Already running in a session or user slice
Aug 31 11:19:57 servername sudo[8890]: pam_unix(sudo:session): session opened for user root by username(uid=0)
Aug 31 11:19:57 servername su[8891]: pam_systemd(su-l:session): Cannot create session: Already running in a session or user slice
Aug 31 11:19:57 servername su[8891]: pam_unix(su-l:session): session opened for user root by username(uid=0)
Aug 31 11:20:08 servername su[8891]: pam_unix(su-l:session): session closed for user root
Aug 31 11:20:08 servername sudo[8890]: pam_unix(sudo:session): session closed for user root
Aug 31 11:20:10 servername sshd[8858]: Received disconnect from jumpserverip port 41898:11: disconnected by user
Aug 31 11:20:10 servername sshd[8858]: Disconnected from user username jumpserverip port 41898
Aug 31 11:20:10 servername sshd[8846]: pam_unix(sshd:session): session closed for user username