The passwords on one of my CentOS boxes is no longer accepted by ssh or su for the user clipuser but that same password is accepted by passwd (after su'ing from root to the user).
/var/log/secure doesn't really have anything useful, here is the relevant log entries:
Feb 21 16:58:37 CLIP sshd[2448]: pam_tally3(sshd:auth): user clipuser (500) tally 31, deny 3
Feb 21 16:58:39 CLIP sshd[2448]: Failed password for clipuser from 172.16.66.239 port 33928 ssh2
Any ideas?
Seems like your clipuser account has been locked by the pam_tally module. You either have to wait for the unlock timer to expire, or manually run the
pam_tally --resetcommand.If that happened, then it can only be one thing: The password you used to login was not the password you set with
passwdor you made a typo more than 3 times (or whatever the pam_tally retry count limit is set to in your pam.conf file).You can do a
man pam.confto see more details about the config, orman pam_tallyto read more on the command itself.Sounds like your ssh config is blocking remote access for root and su is probably doing something similar locally. Double check all your configs.