[Mobile Application Development Technology] Restricting users to SSH key authentication for login
For the security of the server and its users, password authentication is disabled and logins use key-based authentication instead.
Last login: Fri Oct 12 14:14:01 2012 from 192.168.7.251
root@Cacti.Nagios:[/root]vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2 ← changed to this state: use SSH2 only
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no ← changed to this state: root login is not allowed
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication no ← changed to this state: password login is not allowed
#PermitEmptyPasswords no
PermitEmptyPasswords no ← changed to this state: login with an empty password is forbidden
"/etc/ssh/sshd_config" 141L, 3941C written
root@Cacti.Nagios:[/root]vi /etc/hosts.deny ← edit the deny rules: append the corresponding line at the end of the file
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:ALL ← add this line to block SSH connection requests from all hosts
"/etc/hosts.deny" 14L, 469C written
You have new mail in /var/spool/mail/root
root@Cacti.Nagios:[/root]vi /etc/hosts.allow ← edit the allow rules: append the corresponding line at the end of the file
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.7. ← only machines on the 192.168.7. network segment may log in over SSH
~
~
~
"/etc/hosts.allow" 11L, 386C written
root@Cacti.Nagios:[/root]su - admin
admin@Cacti.Nagios:[/data]ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/data/.ssh/id_rsa):
Created directory '/data/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /data/.ssh/id_rsa.
Your public key has been saved in /data/.ssh/id_rsa.pub.
The key fingerprint is:
e5:15:ba:be:59:ef:2e:74:df:b6:ee:e1:6a:24:be:da admin@Cacti.Nagios
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . . |
| o . |
| o o |
| S o |
| . |
| o.+. o.|
| .=.o. =|
| .+Eo=B*.|
+-----------------+
admin@Cacti.Nagios:[/data]ls -a
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  lost+found  .ssh  .viminfo
admin@Cacti.Nagios:[/data]cd .ssh/
admin@Cacti.Nagios:[/data/.ssh]ll
total 8
-rw------- 1 admin admin 1751 Oct 12 17:19 id_rsa
-rw-r--r-- 1 admin admin  401 Oct 12 17:19 id_rsa.pub
admin@Cacti.Nagios:[/data/.ssh]cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
admin@Cacti.Nagios:[/data/.ssh]ls -a
.  ..  authorized_keys  id_rsa  id_rsa.pub
admin@Cacti.Nagios:[/data/.ssh]chmod 400 authorized_keys
admin@Cacti.Nagios:[/data/.ssh]ll -a
total 20
drwx------ 2 admin admin 4096 Oct 12 17:20 .
drwxr-xr-x 4 admin admin 4096 Oct 12 17:19 ..
-r-------- 1 admin admin  401 Oct 12 17:20 authorized_keys
-rw------- 1 admin admin 1751 Oct 12 17:19 id_rsa
-rw-r--r-- 1 admin admin  401 Oct 12 17:19 id_r
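
An added example, not part of the original document: a POSIX shell audit of the four sshd_config settings changed above, honoring sshd's rule that the first value read for a keyword wins, plus a StrictModes-style permission check usable on ~/.ssh and authorized_keys. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit the sshd_config settings
# changed above. sshd uses the FIRST value it reads for each keyword, so a
# later "PasswordAuthentication no" does not override an earlier "yes".

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        # accept the "Keyword=value" spelling by turning the "=" into a space
        match($0, /^[ \t]*[A-Za-z]+[ \t]*=/) {
            $0 = substr($0, 1, RLENGTH - 1) " " substr($0, RLENGTH + 1)
        }
        tolower($1) == "match" { exit }       # Match blocks are conditional
        tolower($1) == want { print tolower($2); exit }   # first one wins
    ' "$1"
}

# Return 0 if file $1 enforces the settings from the page; otherwise print
# each deviation and return 1.
audit_sshd() {
    rc=0
    for pair in protocol=2 permitrootlogin=no \
                passwordauthentication=no permitemptypasswords=no; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', effective '${actual:-<default>}'"
            rc=1
        fi
    done
    return $rc
}

# StrictModes-style check: path $1 must not be writable by group or others.
not_group_world_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Constructed sample: the "no" line comes too late, so passwords stay enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
EOF
audit_sshd "$sample" || echo "sample config does not enforce key-only login"
```

After editing the real file, `sshd -t` validates it before the daemon is restarted. The hosts.allow and hosts.deny rules take effect only when sshd is built with tcp_wrappers support, which OpenSSH removed in release 6.7.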