Problem description
Failed to log on to a Linux instance because the SSH access permissions for Linux instances are incorrectly configured.
Cause
SSH access permission configurations for Linux instances are inadequate.
Solution
Alibaba Cloud reminds you that:
- Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
- You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
- If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.
- Detach the system disk of the abnormal ECS instance and attach the disk as a data disk to a normal ECS instance. For more information, seehow to log on to an abnormal system disk by attaching a data disk to an ECS instance. For more information, see Step 1 to step 4.
- Log on to a normal ECS instance, switch to the root user, and run the following command to reset the permissions on the
/var/empty/sshddirectory.chmod 711 /var/empty/sshd
Note: you cannot set permissions to 777.
- See step 5 "how to log on to an abnormal system disk by using an ECS instance as a data disk to restore the system disk of an abnormal ECS instance."
- Remotely log on to the repaired ECS instance and make sure that it is working properly again.
References
After checking the permissions on the /var/empty/sshd directory, you can also see this solution for checking the permissions on the /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow, and /etc/securetty directories. For the correct permissions on each directory, see log on to the other directories.
Application scope
- Elastic Compute Service