Root user login through SSH fails with the error “Permission denied, please try again”

When using SSH to log in to an ECS instance running Linux, the following error message appears even though the root user enters the correct password.

Note: non-root users can log in normally, and the root user can log in normally through the management terminal.

Permission denied, please try again.

Check the security log. If it contains the following error message, the problem is usually caused by the SELinux service being enabled; see "Solutions to problems caused by SELinux service". In other cases, see "Solutions to problems caused by forbidding root user to log in".

error: Could not get shadow information for root.

 
Solutions to problems caused by forbidding root user to log in

Tips:

The Linux configuration and instructions in this article have been tested on the CentOS 6.5 64-bit operating system. The configuration of other operating system types and versions may differ; refer to the official documentation of the corresponding release for details. The related policies can improve the security of the server. Decide whether to modify the relevant configuration based on the trade-off between security and ease of use.

Please refer to the following steps to check the configuration and modify it.

    Log in to the ECS instance running Linux through the management terminal.

      View the /etc/ssh/sshd_config configuration file with cat or a similar command and check whether it contains a configuration similar to the following.

      PermitRootLogin no

      Note: the description of this parameter is as follows.

      If the parameter is not configured (by default), or the parameter value is configured to “yes”, the root user is allowed to log in. Only when the parameter value is set to “no”, will the root user be forbidden to log in.

      This parameter only affects the root user’s SSH login, and does not affect the root user’s login to the system through the management terminal and other ways.

      Use vi or another editor to set the parameter value to “yes”, or delete the parameter, or comment out the whole line (add “#” at the beginning). For example: PermitRootLogin yes

      Note: it is recommended to back up the configuration file before modification.

      Execute the following command to restart the SSH service.

      service sshd restart

      Try logging in to the server again as root. If the problem still exists, refer to the troubleshooting guide for remote login failure of ECS Linux SSH for further troubleshooting and analysis.
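The check and edit steps above as a shell example added here (not part of the original article): it reports which PermitRootLogin line takes effect and backs the file up before changing it. The function names and the sample config are constructed for illustration, and the file is assumed to contain no Include directives.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print the PermitRootLogin value in effect in the global section of FILE.
# sshd keywords are case-insensitive and the first occurrence wins; lines
# after the first "Match" are conditional and are not considered here.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Back up FILE to FILE.bak, then set PermitRootLogin to VALUE by rewriting the
# first active line, or by adding one ahead of any Match block if none exists.
set_permit_root_login() {
    cp -p "$1" "$1.bak" || return 1
    awk -v v="$2" '
        /^[ \t]*#/ { print; next }
        !done && tolower($1) == "permitrootlogin" { print "PermitRootLogin " v; done = 1; next }
        !done && tolower($1) == "match" { print "PermitRootLogin " v; done = 1 }
        { print }
        END { if (!done) print "PermitRootLogin " v }
    ' "$1.bak" > "$1"
}

# Constructed sample config: the commented line and the later duplicate
# do not count; the lower-case "no" line is the one that takes effect.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin no
EOF
echo "before: $(effective_permit_root_login "$demo")"
set_permit_root_login "$demo" yes
echo "after:  $(effective_permit_root_login "$demo")"
rm -f "$demo" "$demo.bak"
```

On the instance itself, pass /etc/ssh/sshd_config as the file and run sshd -t to validate the edited file before service sshd restart.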

       
      Solutions to problems caused by SELinux service

      You can choose to temporarily or permanently shut down SELinux service to solve the problem of SSH connection exception according to the needs of the on-site environment.

       
      Check SELinux service status

        Log in to the Linux instance through the management terminal and execute the following command to view the current SELinux service status.

        /usr/sbin/sestatus -v 

        The system display is similar to the following.

        SELinux status:       enabled

        Tip: if the SELinux status parameter is enabled, SELinux is on; disabled means it is off.

       
      Temporarily shut down SELinux service

      Log in to the Linux instance and execute the following command to temporarily close SELinux.

      Tip: a temporary change to the SELinux service status takes effect immediately; there is no need to restart the system or instance.

      setenforce 0

       
      Permanently shut down SELinux service

      Log in to the Linux instance and execute the following command to shut down the SELinux service permanently.

      Tip: to permanently modify SELinux service status, you need to restart the system or instance before it can take effect.

      sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

      Tip: this command is only applicable when the SELinux service is in enforcing state.
