All Products
Search
Document Center

:What do I do if the "Permission denied, please try again" error message appears when I log on to a Linux instance as the root user by using SSH?

Last Updated:Jan 19, 2023

This topic describes how to resolve the following issue: The "Permission denied, please try again" error message appears when you log on to a Linux instance as the root user by using SSH.

Background information

When you log on to a Linux instance as the root user by using SSH, an error message that is similar to the following one appears regardless of whether you entered the correct password.

Important

You can use SSH to log on to a Linux instance as a non-root user. However, if you want to log on to a Linux instance as the root user, you must use a management terminal.

  • Permission denied, please try again.

  • The SSH server rejected your password. Try again.

Check whether secure logs include the following error message. If the secure logs include the error message, the issue occurs because SELinux is enabled on the instance. To resolve the issue, perform the operations that are described in the Disable SELinux section of this topic. To resolve the issue in other scenarios, perform the operations that are described in the Deny logons by the root user section of this topic.

error: Could not get shadow infromation for root.

Deny logons by the root user

Note
  • The configurations used in this section are already tested on the CentOS 6.5 64-bit operating system. Configurations may vary based on the type and version of the operating system. For more information, see the official documents of Linux distributions.

  • You can configure policies to improve instance security. Determine whether to modify configurations based on your business requirements for security and ease of use.

To check and modify configurations, perform the following steps:

  1. Use a management terminal to log on to a Linux instance.

  2. Run a command, such as a cat command, to check whether the /etc/ssh/sshd_config configuration file contains a line that is similar to the following line:

    PermitRootLogin no
    Note

    Take note of the following items about the PermitRootLogin parameter:

    • If PermitRootLogin is not specified or is set to yes, logons by the root user are allowed. By default, the PermitRootLogin parameter is not specified. If the PermitRootLogin parameter is set to no, logons by the root user are denied.

    • This parameter controls only SSH logons by the root user and does not affect other types of logons by the root user, such as logons by using a management terminal.

  3. Use an editor such as a vi editor to change the value of PermitRootLogin to yes, delete the parameter, or add a number sign (#) in front of the PermitRootLogin line to comment out the line. Example: # PermitRootLogin yes.

    Note

    Before you modify the configurations in the configuration file, we recommend that you back up the file.

  4. Run the following command to restart the SSH service:

    service sshd restart
  5. Log on to the instance as the root user.

  6. If the issue persists, perform the operations that are described in What do I do if I cannot connect to a Linux instance by using SSH? for further troubleshooting.

Disable SELinux

Temporarily or permanently disable the SELinux service based on your business requirements.

Check the status of the SELinux service

  1. Use a management terminal to log on to the Linux instance and run the following command to check the status of the SELinux service:

    /usr/sbin/sestatus -v 

    A command output that is similar to the following one is displayed:

    SELinux status:       enabled
    Note

    Valid values of SELinux status:

    • enabled: The SELinux service is enabled.

    • disabled: The SELinux service is disabled.

Temporarily disable the SELinux service

Log on to the Linux instance and run the following command to temporarily disable the SELinux service.

Note

The SELinux service is immediately disabled after you run the command. You do not need to restart the operating system or the instance.

setenforce 0

Permanently disable the SELinux service

Log on to the Linux instance and run the following command to permanently disable the SELinux service.

Note

After you run the command, you must restart the operating system or the instance for the SELinux service to be disabled.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Important

You can use this command only if the SELinux service is in the enforcing state.