Protect Your Linux Server: Authentication from the Command Line
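In the Internet era, server security has become especially important. As a server administrator, you must make sure your Linux server is secure on the network. Besides firewalls and encrypted protocols, an effective authentication mechanism is a key part of protecting a server from unauthorized access. This article discusses how to set up authentication from the command line to protect your Linux server.
Linux supports several common authentication mechanisms, such as password authentication, key authentication, and two-factor authentication. Below are some common command-line tools and examples that help you configure and manage them.
Password authentication
Password authentication is the most common method: users prove their identity by entering a username and password. On Linux, the passwd command sets and changes user passwords.
To set a password for a user, run the following command: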
sudo passwd username
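After you enter the command, the system prompts you to type the new password twice. Make sure the password is sufficiently complex and change it regularly.
Key authentication
Key authentication is a more secure and more convenient method. It is based on public-key cryptography, using a public key and a private key. First, generate a key pair for the user with the following command: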
ssh-keygen -t rsa
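The command generates an RSA key pair and saves it in the .ssh directory under the user's home directory. The public key (id_rsa.pub) is used for authentication, and the private key (id_rsa) stays on the local computer. Copy the public key into the ~/.ssh/authorized_keys file on the remote server as follows: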
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
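From now on, each time you connect to the remote server with ssh, the system authenticates you with the public key.
Two-factor authentication
Two-factor authentication combines a password with another factor, such as fingerprint recognition or a one-time password. For this method you can use Google Authenticator, an open-source two-factor authentication system.
First, install the Google Authenticator client. On Ubuntu, install it with the following command: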
sudo apt-get install libpam-google-authenticator
Next, generate a secret key for each user who will use two-factor authentication. Run the following command:
google-authenticator
The command generates a secret key and a QR code. Scan the QR code with an app such as Google Authenticator to associate the generated one-time passwords with the user.
Finally, update the PAM (Pluggable Authentication Modules) configuration file to enable two-factor authentication. Open the /etc/pam.d/sshd file and add the following line:
auth required pam_google_authenticator.so
After saving and closing the file, restart the SSH service.
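The two-factor steps above depend on sshd settings as well as the PAM line. The following check is an added example, not part of the original article: it reports when the one-time password would never be requested, including for the key logins set up earlier. The function names and sample files are constructed, the keyword names are OpenSSH's, and it assumes a config without Match blocks and a single AuthenticationMethods list.

```shell
#!/bin/sh
# Added example: audit the sshd and PAM settings behind the 2FA steps above.
# Function names and sample files are constructed; Match blocks are ignored.

# Print the first value of an sshd_config keyword, lowercased
# (sshd honours the first occurrence; keywords are case-insensitive).
sshd_value() {  # $1=config file  $2=keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed if an uncommented auth line loads pam_google_authenticator.so.
pam_has_totp() {  # $1=PAM service file
    grep -Eq '^[[:space:]]*auth[[:space:]][^#]*pam_google_authenticator\.so' "$1"
}

finding() { echo "FINDING: $1"; n=$((n + 1)); }

# Print one finding per line; the return status is the number of findings.
audit_ssh_2fa() {  # $1=sshd_config  $2=PAM service file
    n=0
    pam_has_totp "$2" || finding "pam_google_authenticator.so is not active in $2"
    [ "$(sshd_value "$1" UsePAM)" = yes ] ||
        finding "UsePAM is not set to yes"
    kbd=$(sshd_value "$1" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(sshd_value "$1" ChallengeResponseAuthentication)
    [ "$kbd" = yes ] ||
        finding "keyboard-interactive is not set to yes, so no code prompt appears"
    # sshd verifies public keys itself, so key logins skip the PAM auth
    # stack unless AuthenticationMethods also demands keyboard-interactive.
    case "$(sshd_value "$1" AuthenticationMethods)" in
        *keyboard-interactive*) ;;
        *) [ "$(sshd_value "$1" PubkeyAuthentication)" = no ] ||
               finding "key logins bypass the one-time password" ;;
    esac
    return "$n"
}

# Constructed sample: the article's PAM line plus a minimal sshd_config.
d=$(mktemp -d)
printf '%s\n' 'UsePAM yes' 'KbdInteractiveAuthentication no' \
    '#AuthenticationMethods any' > "$d/sshd_config"
printf '%s\n' 'auth required pam_google_authenticator.so' > "$d/pam_sshd"
audit_ssh_2fa "$d/sshd_config" "$d/pam_sshd" || echo "$? finding(s)"
rm -rf "$d"
```

On a real host, pass /etc/ssh/sshd_config and /etc/pam.d/sshd as the two arguments, and validate the configuration with `sshd -t` before restarting the service.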
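This article covers only some basic command-line tools and examples for protecting your Linux server. More advanced authentication methods and tools are also available, such as authentication with LDAP or RADIUS. Whichever method you choose, make sure to update passwords and keys regularly and to grant access only to trusted users.
By using command-line tools and authentication mechanisms, you can give your Linux server additional security and ensure that only authorized users can access and manage it. Remember that protecting your server is an ongoing task that requires regularly reviewing and updating your security policy.
Protect your server, protect your data, protect your users!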
ÒÔÉϾÍÊDZ£»¤ÄãµÄLinuxЧÀÍÆ÷£ºÊ¹ÓÃÏÂÁîÐоÙÐÐÉí·ÝÑéÖ¤µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡