Linux ssh服务开启秘钥和密码认证
2024-09-03 19:10:28
问题描述:
实现Linux秘钥和密码同时认证
解决方案:
vim /etc/ssh/sshd_config
基本参数:
PermitRootLogin yes #允许root认证登录
PasswordAuthentication yes #允许密码认证 RSAAuthentication yes #秘钥认证
PubkeyAuthentication yes
详细参数列表
[root@zabbix ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 // :: djm Exp $ # This is the sshd server system-wide configuration file. See
# sshd_config() for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value. #Port 22 #ssh默认端口
#AddressFamily any
#ListenAddress 0.0.0.0 #绑定监听IP
#ListenAddress :: # Disable legacy (protocol version ) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol
Protocol # HostKey for protocol version
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version server key
#KeyRegenerationInterval 1h
#ServerKeyBits # Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO # Authentication: #LoginGraceTime 2m
#PermitRootLogin yes #允许root认证登录
#StrictModes yes
#MaxAuthTries
#MaxSessions #RSAAuthentication yes #秘钥认证
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys #默认公钥存放的位置
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes #允许密码认证 # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS #AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval
#ClientAliveCountMax
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups ::
#PermitTunnel no
#ChrootDirectory none # no default banner path
#Banner none # override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
相关文章:
Putty SSH秘钥登录使用: http://www.cnblogs.com/xiaochina/p/5793940.html
ssh_config与sshd_config却别:http://www.cnblogs.com/xiaochina/p/5802008.html
ssh对登陆限制: http://www.cnblogs.com/xiaochina/p/5920057.html
最新文章
- ubuntu下安装了express2.5.8,如何更新它?
- HDU 3333 | Codeforces 703D 树状数组、离散化
- 关于DWZ模板中全选的使用
- Hbase的安装(hadoop-2.6.0,hbase1.0)
- Multiple dex files define Lcom/sina/sso/RemoteSSO错误解决办法
- PHP扩展开发(5) - PHP常量的定义和读取
- SqlServer中代理作业实现总结
- 向日葵sunlogin配置
- AES高级加密标准简析
- varnish与squid缓存效率对比实例
- 面试挂了阿里却拿到网易offer,一个三年Java程序员的面试总结!
- Activiti工作流搭建---初始化数据库
- JMS和AMQP的区别
- Navicat连接mysql备份数据库提示:1577 – Cannot proceed because system tables used by Event Scheduler where found damaged at server start
- mysqldump导出数据时,某些表不导出,排除某些表,不导出某些表
- pandas更换index,column名称
- django csrf使用教程,解决Forbidden (403)CSRF verification failed. Request aborted.
- 客户端负载均衡Feign之四:Feign配置
- tengine 增加ngx_http_cache_purge_module 模块
- Xcode控制台命令