What to Do If an Error Is Displayed When Starting the SSH Service

What should I do if the error "This account is currently not available." is displayed when I use SSH to remotely connect to the ECS instance of the Linux system?

Problem Phenomenon

When using the SSH command to log in to the ECS instance of the Linux system, even if the correct user name and password are entered, the connection will fail, and the error "This account is currently not available." will be displayed.

Execute cat /var/log/secure to view the login log, and you will find information similar to the following.

Connection to 127.0.0.1 closed.
Received disconnect from 127.0.0.1: 11: disconnected by user.
pam_unix(sshd:session): session closed for user test.

Problem Causes

This problem is usually caused by the modification of the default shell of the corresponding user (such as test) in the user configuration file (/etc/passwd) in the ECS instance, resulting in failure to log in.

Solution

You can modify the shell of the corresponding user (such as test) to solve the problem of being unable to connect remotely.

1. Log in to the ECS instance using VNC.

2. Execute the following command to view the default shell of the corresponding user (such as test).

cat /etc/passwd | grep username

The system displays something similar to the following, indicating that the shell of user test has been changed to /sbin/nologin (login prohibited).

test:x:1000:1000::/home/test:/sbin/nologin

3. Modify the user's Shell.

a. Open the user configuration file (/etc/passwd).

vi /etc/passwd

b. Change the default shell of the corresponding user (such as test) to bash, that is, change /sbin/nologin to /bin/bash, as shown below.

test:x:1000:1000::/home/test:/sbin/nologin

c. Press the Esc key and enter: wq to save the modification.

4. Re-use the user to connect to the Linux instance to ensure normal connection.

What should I do if the error message "must be owned by root and not group or world-writable" is displayed when starting the SSH service in the ECS instance of the Linux system?

Problem Phenomenon

In the ECS instance of the Linux system, the error "must be owned by root and not group or world-writable" is displayed when starting the SSH service.

Failed to start ssh

Problem Causes

Based on security considerations, the SSH service has requirements for service-related directories or file permission configurations, ownership groups, and so on. For example, the /var/empty/sshdOwner attribute and the Group attribute are the root user and the root user group. When the /var/empty/sshdOwner attribute and the Group attribute are other, an exception will occur.

Solution

You can modify the Owner attribute and Group attribute of the /var/empty/sshd directory to solve this problem.

1. Use VNC to remotely connect to the ECS instance.

2. Execute the following command to view the permission configuration of the /var/empty/sshd directory.

ll -d /var/empty/
The system displays something similar to the following, indicating that the Owner attribute and Group attribute of the /var/empty/sshd directory are Linux and Linux, and need to be changed to root user and root user group.

3. Execute the following commands in sequence to restore the default configuration.

Important The following chmod commands are applicable to CentOS 7. Not all Linux distributions have the /var/empty/sshd directory with 711 permissions. You can refer to the instance directory permissions of the same distribution for configuration.

chown -R root:root /var/empty/sshd
chmod -R 711 /var/empty/sshd

4. Run the following command to restart the SSH service.

systemctl restart sshd.service