bug 报告如下

https://bugzilla.redhat.com/show_bug.cgi?id=855282

 

如果你的线上环境是fc17,而你又有一大堆需要ssh的自动化脚本工具需要运行，这是可能你就需要优化一下fc17中ssh关于pam认证的部分了。 需要吧 和systemd-login 以及systemd-journa部分的认证关联关闭

 

具体配置文件看

bkops@a04921]/etc/pam.d% more password-auth-ac #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth        required      pam_env.so auth        sufficient    pam_unix.so nullok try_first_pass auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success auth        required      pam_deny.so   account     required      pam_unix.so account     sufficient    pam_localuser.so account     sufficient    pam_succeed_if.so uid < 1000 quiet account     required      pam_permit.so   password    requisite     pam_pwquality.so try_first_pass retry=3 type= password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok password    required      pam_deny.so   session     optional      pam_keyinit.so revoke session     required      pam_limits.so -session     optional      pam_systemd.so session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session     required      pam_unix.so

 

如果是大量线上环境，那么就建议重新修改spec文件，编译成自己公司使用的rpm包进行内部分发。