
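Installing google-authenticator to Implement Dynamic (One-Time) Passwords

Published: 2020-04-15 19:22:48  Source: Internet  Views: 2037  Author: double08  Category: Security Technology

1. Install the dependency packages: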

yum -y install mercurial pam-devel

2. Install Google Authenticator:

git clone https://code.google.com/p/google-authenticator/
cd google-authenticator/google-authenticator/libpam 
make && make install

[ libpam]# make install

cp pam_google_authenticator.so /lib64/security

cp google-authenticator /usr/local/bin

 

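3. Edit the SSH-related configuration files (authentication, etc.)
So that SSH logins invoke the google-authenticator module, edit the PAM file and add the following: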

vi /etc/pam.d/sshd
auth      required    pam_google_authenticator.so

Modify the SSH configuration file:

vim /etc/ssh/sshd_config

Add or modify the following:

ChallengeResponseAuthentication yes
UsePAM yes

Then restart the SSH service:

/etc/init.d/sshd restart

4. Then run the google-authenticator command to create the random secret, as shown below (answer y to every prompt by default):

[root@clone2 libpam]# google-authenticator
Do you want authentication tokens to be time-based (y/n) y
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%3DZSQBUSM3WEXZDQRR
Your new secret key is: ZSQBUSM3WEXZDQRR
Your verification code is 198178
Your emergency scratch codes are:
  16050151
  22929943
  74444984
  23544107
  20880478
Do you want me to update your "/root/.google_authenticator" file (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y 

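· In the output above,

· https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%

· the link above can be scanned directly with the mobile client to complete the configuration.

Next, install the google-authenticator client on your phone; once the secret key has been entered, it displays the current code in real time.
From then on, a remote login prompts for a verification code, and you must enter the dynamic code currently shown by the client in order to log in.

§ Note: when logging in from a terminal client such as SecureCRT or Xshell, do not log in directly with the password method; choose the ==keyboard-interactive== authentication method instead.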
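
The time-window and reuse prompts in step 4 decide how many codes the server will accept at any given moment. The sketch below is an added example, not part of the original article or of the google-authenticator project: it computes TOTP codes as specified in RFC 4226 and RFC 6238 and compares the default window (one code before and after) with the enlarged one. The function names, the ±8-step reading of "about 4min", and the sample secret (the RFC test key, base32-encoded) are assumptions made for the illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds each code is valid for, as stated in the setup prompts

def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, now):
    """RFC 6238 TOTP: HOTP with the counter set to the 30-second step number."""
    return hotp(secret_b32, int(now) // STEP)

def window(now, skew_steps):
    """Step numbers the server accepts at `now` for a +/- skew_steps window."""
    current = int(now) // STEP
    return range(max(0, current - skew_steps), current + skew_steps + 1)

def verify(secret_b32, code, now, skew_steps=1, used=None):
    """Accept `code` if it matches any step inside the window.
    `used` is a set of already-accepted steps; passing it models the
    "disallow multiple uses" prompt by rejecting a replayed code."""
    for step in window(now, skew_steps):
        if hmac.compare_digest(hotp(secret_b32, step), code):
            if used is not None and step in used:
                return False  # same token presented twice
            if used is not None:
                used.add(step)
            return True
    return False

def accepted_codes(secret_b32, now, skew_steps):
    """Every code valid at `now`: the surface an online guesser aims at."""
    return [hotp(secret_b32, s) for s in window(now, skew_steps)]

# Constructed sample: the RFC 4226/6238 test key, not a real account secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = 300  # constructed timestamp (step 10)
    print("default window :", accepted_codes(SAMPLE_SECRET, now, 1))
    print("enlarged window:", accepted_codes(SAMPLE_SECRET, now, 8))
```

With the enlarged window, several times as many six-digit codes are valid at once, which is why the rate-limiting prompt matters more when the window is widened.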
