在虚拟机上我正在初始化我能够通过SSH使用公钥认证以一个非root用户(admin)登录,而不能另一个(tbbscraper)登录.我可以在任何日志文件中找到的唯一错误消息是

Sep 18 17:21:04 [REDACTED] sshd[18942]: fatal: Access denied for user tbbscraper by PAM account configuration [preauth]

在客户端,综合症是

$ssh -v -i [REDACTED] tbbscraper@[REDACTED]
...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: [REDACTED]
debug1: Authentications that can continue: publickey
debug1: Trying private key: [REDACTED]
debug1: read PEM private key done: type RSA
Connection closed by [REDACTED]

将’tbbscraper’更改为’admin’可以成功登录：debug1：身份验证成功(publickey).出现而不是“连接已关闭”消息.

这似乎不是权限问题…

# for x in admin tbbscraper
> do ls -adl /home/$x /home/$x/.ssh /home/$x/.ssh/authorized_keys
> done
drwxr-xr-x 3 admin admin 4096 Sep 18 17:19 /home/admin
drwx------ 2 admin admin 4096 Sep 18 16:53 /home/admin/.ssh
-rw------- 1 admin admin  398 Sep 18 17:19 /home/admin/.ssh/authorized_keys
drwxr-xr-x 3 tbbscraper tbbscraper 4096 Sep 18 17:18 /home/tbbscraper
drwx------ 2 tbbscraper tbbscraper 4096 Sep 18 17:18 /home/tbbscraper/.ssh
-rw------- 1 tbbscraper tbbscraper  398 Sep 18 17:18 /home/tbbscraper/.ssh/authorized_keys

# cmp /home/{admin,tbbscraper}/.ssh/authorized_keys ; echo $?
0

……也不是PAM级别的访问控制问题……

# egrep -v '^(#|$)' /etc/security/*.conf
#

……所以对类似问题的现有答案似乎都不适用.我得到的唯一证据是：

root@[REDACTED] # su - admin
admin@[REDACTED] $

但

root@[REDACTED] # su - tbbscraper
su: Authentication failure
(Ignored)
tbbscraper@[REDACTED] $

这表明一些更大规模的PAM问题,但我找不到任何明显错误的/etc/pam.d中的东西.有任何想法吗？

VM是EC2实例,操作系统是Debian 7.1(亚马逊现成的AMI).

admin:!:15891:0:99999:7:::
tbbscraper:!::15966:0:99999:7:::