Issue
When you connect to a Linux instance in SH, the following error message appears in the command line or secure log even after the password is entered correctly.
Permission denied, please try again.
error: Could not get shadow infromation for root.
Cause
This problem is usually caused by the SELinux service enabled on the system.
Solution
Take note of the following items:
- Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
- Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
- If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
You can choose to temporarily or permanently disable the SELinux service to resolve SSH connection exception based on the requirements of the on-site environment.
Check the SELinux service status
- Log on to the Linux instance through the management terminal, and run the following command to view the current SELinux service status:
/usr/sbin/sestatus -v
If an output similar to the following one is returned, one of the solutions is applicable to your system kernel version:SELinux status: enabled
Tip: If the
SELinux status
parameter isenabled
, it is on, and if it isdisabled
, it is off.
Temporarily disable the SELinux service
Log on to the Linux instance and run the following command to temporarily disable SELinux:
Note: Temporarily modify the SELinux service status. If the SELinux service status takes effect in real time, you do not need to restart the system or instance.
setenforce 0
Disable SELinux services permanently
Log on to the Linux instance and run the following command to permanently disable the SELinux service:
Note: To permanently modify the SELinux service status, you must restart the system or instance to take effect.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Tip: This command is only applicable when the current SELinux service is in the
enforcing
state.
Applicable scope
- Elastic Compute Service (ECS)