问题描述:

实现Linux秘钥和密码同时认证

解决方案:

vim /etc/ssh/sshd_config

基本参数:

PermitRootLogin yes         #允许root认证登录
PasswordAuthentication yes  #允许密码认证

RSAAuthentication yes       #秘钥认证
PubkeyAuthentication yes    
详细参数列表
[root@zabbix ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 // :: djm Exp $ # This is the sshd server system-wide configuration file. See
# sshd_config() for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value. #Port 22 #ssh默认端口
#AddressFamily any
#ListenAddress 0.0.0.0 #绑定监听IP
#ListenAddress :: # Disable legacy (protocol version ) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol
Protocol # HostKey for protocol version
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version server key
#KeyRegenerationInterval 1h
#ServerKeyBits # Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO # Authentication: #LoginGraceTime 2m
#PermitRootLogin yes #允许root认证登录
#StrictModes yes
#MaxAuthTries
#MaxSessions #RSAAuthentication yes #秘钥认证
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys #默认公钥存放的位置
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes #允许密码认证 # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS #AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval
#ClientAliveCountMax
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups ::
#PermitTunnel no
#ChrootDirectory none # no default banner path
#Banner none # override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

相关文章:

Putty SSH秘钥登录使用:         http://www.cnblogs.com/xiaochina/p/5793940.html

ssh_config与sshd_config却别:http://www.cnblogs.com/xiaochina/p/5802008.html

ssh对登陆限制:                       http://www.cnblogs.com/xiaochina/p/5920057.html

Linux ssh服务开启秘钥和密码认证的更多相关文章

  1. windows 上 OpenSSH 服务 启用秘钥登录(微软真心逆天)

    windows 上 OpenSSH 服务 启用秘钥登录(微软真心逆天) windows 安装 OpenSSH 服务 最近需要在windows 服务器上部署自动发布程序,那么就需要用到 scp 和 ss ...

  2. Linux之间配置免秘钥访问

    环境说明 [root@localhost1 ~]# cat /etc/redhat-release CentOS release 6.5 (Final) [root@localhost1 ~]# un ...

  3. git乌龟http/https以及ssh clone的秘钥配置永久免密码登录设置

    1.安装 安装Git 安装TortoiseGit 乌龟客户端 首先下载安装一个git客户端这个就不多说了基本就是next一直到底 安装后首次新建一个项目project在git服务器上 2.配置 1.注 ...

  4. linux服务搭建----ssh服务开启

    //ssh  服务     ssh 192.168.88.254         如何开启   service sshd restart     关掉该服务 servicesshd stop     ...

  5. linux系统的ssh服务开启方法

      操作方法: 1.编辑sshd_config文件 root@linux:~# vi /etc/ssh/sshd_config 2.检查如下配置项: PasswordAuthentication ye ...

  6. linux之kali系统ssh服务开启

    1.修改sshd_config文件,命令为:vi /etc/ssh/sshd_config 2.将#PasswordAuthentication no的注释去掉,并且将NO修改为YES  //我的ka ...

  7. linux——ssh服务

    SSH服务(TCP端口号22):安全的命令解释器 为客户机提供安全的Shell 环境,用于远程管理 SSH基于公钥加密(非对称加密)技术: 数据加密传输: 客户端和服务器的身份验证: 公钥 和 私钥 ...

  8. Hadoop中ssh+IP、ssh+别名免秘钥登录配置

    1.为什么要进行 SSH 无密码验证配置? Hadoop运行过程中需要管理远端Hadoop守护进程,在Hadoop启动以后,NameNode是通过SSH(Secure Shell)来启动和停止各个Da ...

  9. SSH公/私秘钥的生成及使用

    如果使用GitHub比较多的朋友,对SSH Key肯定也不陌生,当我们SSH进行代码的pull&push时,往往需要我们配置SSH Key. 如果Linux用的多朋友,肯定对SSH Key都很 ...

随机推荐

  1. duplicate symbol _main in: / linker command failed with exit code 1

    duplicate symbol _main in: /Users/mb467/Library/Developer/Xcode/DerivedData/barChartDemo-gevlnavnpan ...

  2. CSDN积分规则具体解释--【叶子】

    前记:在CSDN的社区支持板块,常常看到有人提问,为什么有积分却不能下载,此类问题层出不穷,而论坛的各种积分制度说明又非常分散,不便于寻找,为了方便新注冊用户高速了解论坛的积分规则,也为了降低社区支持 ...

  3. swing入门教程

    (转自http://terrificwanjun.bokee.com/) UI 组件简介 在开始学习 Swing 之前,必须回答针对真正初学者的一个问题:什么是 UI?初学者的答案是“用户界面”.但是 ...

  4. LeetCode: Implement strStr() [027]

    [题目] Implement strStr(). Returns a pointer to the first occurrence of needle in haystack, or null if ...

  5. R语言缺点

    R的优点:免费,开源,体积小.缺点:对大文本处理差,另外一个也在于开源,package如果出错,烦死你.当你跑比较大的simulation,对效率有要求的时候,有时还是不得不用C,这可能是10小时和1 ...

  6. poj 2585 Window Pains 解题报告

    Window Pains Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 2027   Accepted: 1025 Desc ...

  7. 【BZOJ】【1419】Red is good

    数学期望/期望DP 还是戳<浅析竞赛中一类数学期望问题的解决方法>这篇论文…… $$ f[i][j]= \begin{cases} 0 &, &i==0 \\ f[i-1] ...

  8. @JVM垃圾回收调优方法

    JVM调优工具 Jconsole,jProfile,VisualVM Jconsole:jdk自带,功能简单,但是可以在系统有一定负荷的情况下使用.对垃圾回收算法有很详细的跟踪. JProfiler: ...

  9. Keras Data augmentation(数据扩充)

    在深度学习中,我们经常需要用到一些技巧(比如将图片进行旋转,翻转等)来进行data augmentation, 来减少过拟合. 在本文中,我们将主要介绍如何用深度学习框架keras来自动的进行data ...

  10. 关于opacity的思考

    今天在封装图片轮播的插件的时候,产生了这个opacity的小小思考. 我这个轮播的思路不是以前baidu输入法官网的设置外层容器overflow为hidden,position为relative用se ...