Simple Application Server: How to handle the "Permission denied, please try again" error that appears when you log on to a Linux simple application server as the root user by using SSH

Last Updated: Aug 12, 2024

This topic describes why the "Permission denied, please try again" error message appears when you connect to a Linux Elastic Compute Service (ECS) instance from an SSH client, and how to resolve the issue.

Problem description

When you try to log on to a Linux simple application server by using an on-premises SSH client, an error message similar to one of the following appears even if you enter the correct password:

  • Permission denied, please try again.

  • The SSH server rejected your password. Try again.

Causes

The issue may have the following causes:

  • Reason 1: Logons by the root user are denied on the simple application server. The PermitRootLogin or PasswordAuthentication parameter in the /etc/ssh/sshd_config configuration file of the SSH service is set to no. For information about how to resolve the issue, see Solution if the issue is caused by Reason 1.

    • If PermitRootLogin is set to no, logons by the root user are denied.

    • If PasswordAuthentication is set to no, password-based logons are denied, but key-based logons are allowed.

  • Reason 2: SELinux is enabled on the server. If SELinux is enabled on a server, an error may be reported when you attempt to connect to the server as the root user or a regular user.

    Run the cat /var/log/secure command to query the secure log. If the log contains the message "error: Could not get shadow information for root.", SELinux is enabled. For information about how to resolve the issue, see Solution if the issue is caused by Reason 2.
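
Both causes can be checked in one pass on the server, for example over the rescue connection. The following script is an added example, not part of the original topic or of Alibaba Cloud tooling; the function names sshd_value and diagnose_root_login and the sample file contents are constructed for illustration. It goes slightly beyond the topic by also flagging the OpenSSH value prohibit-password (alias without-password), which denies password logons for root.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report which cause applies.

# Print the first global value of KEYWORD in FILE. sshd uses the first value
# it reads for a keyword, and keywords are case-insensitive. Parsing stops at
# the first Match block; Include directives are not followed (limitation).
sshd_value() {  # usage: sshd_value KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        { sub(/#.*/, "") }                        # drop comments
        tolower($1) == "match" { exit }           # end of global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Print one line per cause found. Returns 0 if at least one cause was found.
diagnose_root_login() {  # usage: diagnose_root_login SSHD_CONFIG SECURE_LOG
    local cfg="$1" log="$2" rc=1 root pass
    root=$(sshd_value PermitRootLogin "$cfg" unset)
    pass=$(sshd_value PasswordAuthentication "$cfg" unset)
    case "$root" in
        no)
            echo "reason1: PermitRootLogin=no, all root logons denied"; rc=0 ;;
        prohibit-password|without-password)  # beyond the page: OpenSSH values
            echo "reason1: PermitRootLogin=$root, root password logons denied"; rc=0 ;;
    esac
    if [ "$pass" = "no" ]; then
        echo "reason1: PasswordAuthentication=no, only key-based logons allowed"; rc=0
    fi
    if grep -q 'Could not get shadow information for root' "$log" 2>/dev/null; then
        echo "reason2: shadow-information error in secure log (SELinux)"; rc=0
    fi
    return "$rc"
}

# Constructed sample input, not taken from a real server.
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' \
    'PasswordAuthentication no' 'Match User deploy' \
    '    PasswordAuthentication yes' > "$demo_dir/sshd_config"
printf '%s\n' \
    'Aug 12 10:00:01 host sshd[1234]: error: Could not get shadow information for root' \
    > "$demo_dir/secure"
diagnose_root_login "$demo_dir/sshd_config" "$demo_dir/secure"
```

On a real server, call diagnose_root_login /etc/ssh/sshd_config /var/log/secure as root. A parameter reported as unset falls back to the compiled-in default, which sshd -T prints as part of the effective configuration.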

Solution if the issue is caused by Reason 1

  1. Use the rescue feature to connect to the simple application server. For more information, see Connect to a Linux server by using the rescue feature.

  2. Check the value of the PermitRootLogin or PasswordAuthentication parameter in the /etc/ssh/sshd_config file.

    cat /etc/ssh/sshd_config

    The command output shown in the following figure is returned. In the command output, the PermitRootLogin and PasswordAuthentication parameters are set to no, which indicates that logons by the root user and password-based logons are denied.

    [Figure: output of cat /etc/ssh/sshd_config with PermitRootLogin and PasswordAuthentication set to no]

  3. Change the values of the PermitRootLogin and PasswordAuthentication parameters based on your business requirements.

    1. Open the SSH configuration file.

      vi /etc/ssh/sshd_config
    2. Change the values of the PermitRootLogin and PasswordAuthentication parameters.

      • To allow logons by the root user, set the PermitRootLogin parameter to yes.

      • To allow password-based logons, set the PasswordAuthentication parameter to yes.

    3. Press the Esc key and enter :wq to save the changes.

  4. Run the following command to restart the SSH service:

    systemctl restart sshd.service

Solution if the issue is caused by Reason 2

You can temporarily or permanently disable SELinux based on your business requirements to resolve the issue.

  1. Check the status of SELinux.

    1. Use the rescue feature to connect to the simple application server. For more information, see Connect to a Linux server by using the rescue feature.

    2. Run the following command to view the status of SELinux:

      /usr/sbin/sestatus -v 

      Sample output:

      SELinux status:       enabled

      Note: Valid values:

      • enabled: SELinux is enabled.

      • disabled: SELinux is disabled.

  2. Disable SELinux.

    Temporarily disable SELinux

    Run the following command to temporarily disable SELinux. The command switches SELinux to permissive mode, and the change is lost when the server restarts:

    setenforce 0

    Permanently disable SELinux

    1. Run the following command to permanently disable SELinux:

      sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

      Note: You can use the preceding command only if SELinux is in the enforcing state.

    2. Restart the server to allow the setting to take effect. For more information, see View server information.