
Restricting users to SSH key authentication for login

Source: 懂視網 | Editor: 小采 | Time: 2020-11-09 08:22:28

For the security of the server and its users, disable password authentication for users and use key-based authentication instead.

    Last login: Fri Oct 12 14:14:01 2012 from 192.168.7.251
    root@Cacti.Nagios:[/root]vi /etc/ssh/sshd_config
    # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2 ← changed to this; use SSH2 only
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    #PermitRootLogin yes
    PermitRootLogin no ← changed to this; logging in as root is not allowed
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandRunAs nobody
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    PasswordAuthentication no ← changed to this; password logins are not allowed
    #PermitEmptyPasswords no
    PermitEmptyPasswords no ← changed to this; logins with an empty password are forbidden
    "/etc/ssh/sshd_config" 141L, 3941C written
    root@Cacti.Nagios:[/root]vi /etc/hosts.deny ← edit the deny rules; append the line at the end of the file
    #
    # hosts.deny This file contains access rules which are used to
    # deny connections to network services that either use
    # the tcp_wrappers library or that have been
    # started through a tcp_wrappers-enabled xinetd.
    #
    # The rules in this file can also be set up in
    # /etc/hosts.allow with a 'deny' option instead.
    #
    # See 'man 5 hosts_options' and 'man 5 hosts_access'
    # for information on rule syntax.
    # See 'man tcpd' for information on tcp_wrappers
    #
    sshd:ALL ← add this line to block SSH connection requests from all sources
    "/etc/hosts.deny" 14L, 469C written
    You have new mail in /var/spool/mail/root
    root@Cacti.Nagios:[/root]vi /etc/hosts.allow ← edit the allow rules; append the line at the end of the file
    #
    # hosts.allow This file contains access rules which are used to
    # allow or deny connections to network services that
    # either use the tcp_wrappers library or that have been
    # started through a tcp_wrappers-enabled xinetd.
    #
    # See 'man 5 hosts_options' and 'man 5 hosts_access'
    # for information on rule syntax.
    # See 'man tcpd' for information on tcp_wrappers
    #
    sshd:192.168.7. ← allow SSH logins only from machines on the 192.168.7. network segment
    ~
    ~
    ~
    "/etc/hosts.allow" 11L, 386C written
    root@Cacti.Nagios:[/root]su - admin
    admin@Cacti.Nagios:[/data]ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/data/.ssh/id_rsa):
    Created directory '/data/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /data/.ssh/id_rsa.
    Your public key has been saved in /data/.ssh/id_rsa.pub.
    The key fingerprint is:
    e5:15:ba:be:59:ef:2e:74:df:b6:ee:e1:6a:24:be:da admin@Cacti.Nagios
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . |
    | . . |
    | o . |
    | o o |
    | S o |
    | . .... |
    | o.+. o.|
    | .=.o. =|
    | .+Eo=B*.|
    +-----------------+
    admin@Cacti.Nagios:[/data]ls -a
    . .. .bash_history .bash_logout .bash_profile .bashrc lost+found .ssh .viminfo
    admin@Cacti.Nagios:[/data]cd .ssh/
    admin@Cacti.Nagios:[/data/.ssh]ll
    total 8
    -rw------- 1 admin admin 1751 Oct 12 17:19 id_rsa
    -rw-r--r-- 1 admin admin 401 Oct 12 17:19 id_rsa.pub
    admin@Cacti.Nagios:[/data/.ssh]cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    admin@Cacti.Nagios:[/data/.ssh]ls -a
    . .. authorized_keys id_rsa id_rsa.pub
    admin@Cacti.Nagios:[/data/.ssh]chmod 400 authorized_keys
    admin@Cacti.Nagios:[/data/.ssh]ll -a
    total 20
    drwx------ 2 admin admin 4096 Oct 12 17:20 .
    drwxr-xr-x 4 admin admin 4096 Oct 12 17:19 ..
    -r-------- 1 admin admin 401 Oct 12 17:20 authorized_keys
    -rw------- 1 admin admin 1751 Oct 12 17:19 id_rsa
    -rw-r--r-- 1 admin admin 401 Oct 12 17:19 id_rsa.pub

At this point, export the private key id_rsa to the Windows client, then delete the generated public key id_rsa.pub.

Restart the sshd service so that the configuration changes made above take effect.

    root@Cacti.Nagios:[/root]/etc/rc.d/init.d/sshd restart
    Stopping sshd: [ OK ]
    Starting sshd: [ OK ]
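The listing above keeps the commented default next to each changed line, so it is easy to end up with a file where the active value is not the one intended. The following check is an added example, not part of the original post: it audits the four settings changed above, and the helper names `sshd_effective`, `check` and `audit_sshd_config` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the four sshd_config
# settings changed in the walkthrough. sshd keeps the FIRST value it reads for
# a keyword, keywords are case-insensitive, "#" lines are inactive, and
# anything after a "Match" line is a conditional override, not a global value.

# Print the global value of keyword $1 in file $2, or $3 when it is unset.
sshd_effective() {
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }                      # comment or blank
                                    { sub(/[ \t]*=[ \t]*/, " ") } # "Key=value" form
        tolower($1) == "match"      { exit }                      # global part ends
        tolower($1) == tolower(key) { val = tolower($2); exit }   # first one wins
        END { print (val != "" ? val : def) }
    ' "$2"
}

# check FILE KEYWORD WANTED DEFAULT: prints PASS or FAIL, returns 1 on FAIL.
check() {
    got=$(sshd_effective "$2" "$1" "$4")
    if [ "$got" = "$3" ]; then echo "PASS $2 $got"; return 0; fi
    echo "FAIL $2 $got (want $3)"; return 1
}

# Defaults are assumptions read off the commented lines in the listing above;
# "unset" marks Protocol, whose default the listing does not show.
audit_sshd_config() {
    rc=0
    check "$1" Protocol 2 unset              || rc=1
    check "$1" PermitRootLogin no yes        || rc=1
    check "$1" PasswordAuthentication no yes || rc=1
    check "$1" PermitEmptyPasswords no no    || rc=1
    return "$rc"
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'Protocol 2' 'permitrootlogin no' \
    'PasswordAuthentication no' 'PermitEmptyPasswords no' > "$tmp/good.conf"
printf '%s\n' 'Protocol 2' '#PermitRootLogin no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp/weak.conf"

audit_sshd_config "$tmp/good.conf"
audit_sshd_config "$tmp/weak.conf" || echo "weak.conf: fix the FAIL lines"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, and is the authoritative check before restarting the service.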

蟲子的博客 (Chongzi's blog)
