
The error "requirement "uid >= 1000" not met by user "root"" is reported when you log on to a Linux ECS instance by using SSH

Last Updated: May 10, 2022

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.

Issue

When you log on to the Linux ECS instance, the logon fails even though you enter the correct username and password. When this problem occurs, either only one of the two logon methods (the management terminal or the SSH client) works normally, or neither of them works. The following error message appears in the secure log.

pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root".

Cause

A policy configured in a PAM module prohibits users whose UID is less than 1000 from logging on.

Solution

Take note of the following items:

  • Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
  • If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

The configurations and descriptions in this topic have been tested in CentOS 6.5 64-bit operating systems. The configurations of other types and versions of operating systems may vary. For more information, see the official documentation of the corresponding operating system.

  1. Log on to the server through the SSH client or the management terminal.
  2. Run the cat command to view the PAM configuration file that corresponds to the logon method that fails. The configuration files are described in the following table.
    File                     Description
    /etc/pam.d/login         Configuration file for console (management terminal) logon
    /etc/pam.d/sshd          Configuration file for SSH logon
    /etc/pam.d/system-auth   Global system configuration file
    Note: Each PAM-enabled application has a configuration file with the same name in the /etc/pam.d directory. For example, the configuration file of the login command is /etc/pam.d/login, and you can configure specific policies in that file.
    Check whether the preceding configuration files contain a line similar to the following:
    auth required pam_succeed_if.so uid >= 1000
  3. Use the vi editor to modify the configuration in the corresponding configuration file. Delete the whole line, or add a number sign (#) at the start of the line to comment it out. See the following examples.
    Note: We recommend that you back up files before you modify the relevant policy configurations.
    auth required pam_succeed_if.so uid <= 1000 # Modify the policy.
    # auth required pam_succeed_if.so uid >= 1000 # Cancel the related configuration.
  4. Attempt to log on to the server again.
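
The check in step 2 can be scripted. The following shell function is an added example, not part of the original article or of any Alibaba Cloud tooling: it lists the active pam_succeed_if uid rules in the three files from the table that a given UID fails. The function name find_uid_blocks and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the original article.
# find_uid_blocks DIR UID
#   Prints "file:line: rule" for every active (uncommented) auth rule that
#   uses pam_succeed_if.so with a numeric uid test that the given UID fails.
#   Only "required" and "requisite" controls are checked. Bracketed controls
#   and stack order are not evaluated, so treat each hit as a line to review.
find_uid_blocks() {
    pam_dir=$1
    check_uid=$2
    for f in "$pam_dir/login" "$pam_dir/sshd" "$pam_dir/system-auth"; do
        [ -f "$f" ] || continue
        awk -v u="$check_uid" -v file="$f" '
            { sub(/#.*/, "") }                      # strip comments
            $1 != "auth" { next }
            $2 != "required" && $2 != "requisite" { next }
            $0 !~ /pam_succeed_if\.so/ { next }
            {
                for (i = 4; i <= NF - 2; i++) {
                    if ($i != "uid") continue
                    op = $(i + 1); v = $(i + 2) + 0; n = u + 0
                    if (op !~ /^(>=|>|<=|<|eq|ne)$/) continue
                    ok = (op == ">=" && n >= v) || (op == ">" && n > v) ||
                         (op == "<=" && n <= v) || (op == "<" && n < v) ||
                         (op == "eq" && n == v) || (op == "ne" && n != v)
                    if (!ok) print file ":" NR ": " $0
                }
            }' "$f"
    done
}

# Constructed sample files (not taken from a real system) so that the
# example runs offline. On an instance, run: find_uid_blocks /etc/pam.d 0
demo=$(mktemp -d)
printf 'auth required pam_succeed_if.so uid >= 1000\n' > "$demo/sshd"
printf '# auth required pam_succeed_if.so uid >= 1000\n' > "$demo/login"
find_uid_blocks "$demo" 0     # reports only the sshd rule for root (UID 0)
rm -rf "$demo"
```

Run the function with the UID of a regular user as well as with 0: a rule that has been changed to uid <= 1000 admits root but is reported for UIDs greater than 1000.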

References

If there are still problems, please refer to the following documents for further troubleshooting and analysis.

Applicable scope

  • ECS