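How to Use Two-Factor Authentication to Secure Access to a CentOS Server
Abstract: As network attacks increase, securing access to servers has become especially important. Two-factor authentication is one way to strengthen server security. This article explains how to use two-factor authentication on a CentOS server to improve access security.
Keywords: two-factor authentication, CentOS server, access security, code examples
1. What Is Two-Factor Authentication
Two-factor authentication verifies a user's identity using two or more different authentication factors. Common factors include passwords, fingerprints, and tokens. Traditional single-factor authentication requires only a username and password to log in, whereas two-factor authentication requires the user to provide another proof of identity in addition to the password, which increases security.
In this article, we will use two different authentication factors, a password and a token, to implement two-factor authentication.
2. Configuring the CentOS Server
Install the required packages
First, we need to install the required packages. Enter the following commands in a terminal: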
sudo yum install -y epel-release
sudo yum install -y pam_radius_auth
Configure the RADIUS server
A RADIUS (Remote Authentication Dial-In User Service) server is used to verify the token. In this example, we use FreeRADIUS as the RADIUS server.
Open the RADIUS server configuration file /etc/raddb/clients.conf and add the following:
client YOUR_SERVER_IP {
    secret = YOUR_SHARED_SECRET
    shortname = YOUR_SERVER_NAME
}
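Replace YOUR_SERVER_IP with your server's IP address, YOUR_SHARED_SECRET with the secret key shared between you and the RADIUS server, and YOUR_SERVER_NAME with your server's name.
Restart the RADIUS server for the change to take effect.
Configure the PAM module
The PAM (Pluggable Authentication Modules) module is used to integrate token verification. Enter the following command in a terminal to open the PAM configuration file: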
sudo vi /etc/pam.d/sshd
Add the following at the end of the file:
auth required pam_radius_auth.so debug
Save and close the file.
Restart the SSH service
Enter the following command in a terminal to restart the SSH service:
sudo systemctl restart sshd
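
The check below is an added example, not part of the original article: a shell function that audits the auth stack in /etc/pam.d/sshd after the edit above. It flags a control flag other than required/requisite, an earlier "include" whose sufficient module could end the stack before the token is asked for, and a leftover debug option. The function name audit_pam_radius, the finding labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the auth stack of a PAM service file for the
# pam_radius_auth line the article appends. Prints one finding per line.
# audit_pam_radius and the finding labels are hypothetical names.
audit_pam_radius() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
        { kind = $1; sub(/^-/, "", kind) }       # "-auth" is still an auth entry
        kind != "auth" { next }
        # With "include", a sufficient success in the included file ends the
        # whole stack; "substack" confines that to the included file.
        $2 == "include" && !found { inc = inc " " $3 }
        /pam_radius_auth\.so/ {
            found = 1
            if ($2 != "required" && $2 != "requisite")
                print "CHECK control=" $2 ": a failed token check may not deny the login"
            if (inc != "")
                print "REVIEW include before radius:" inc " (a sufficient success there skips the token)"
            for (i = 4; i <= NF; i++)
                if ($i == "debug") print "NOTE debug set: drop it once testing is done"
        }
        END { if (!found) print "MISSING pam_radius_auth.so in auth stack" }
    ' "$1"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd.article" <<'EOF'
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
account    required     pam_nologin.so
auth required pam_radius_auth.so debug
EOF
cat > "$demo_dir/sshd.weak" <<'EOF'
auth       include      password-auth
auth sufficient pam_radius_auth.so
EOF
for f in "$demo_dir/sshd.article" "$demo_dir/sshd.weak"; do
    echo "== ${f##*/}"
    audit_pam_radius "$f"
done
rm -rf "$demo_dir"
```

On a real host, run audit_pam_radius /etc/pam.d/sshd and keep an existing root session open while testing, so a PAM mistake cannot lock you out.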
3. Testing Two-Factor Authentication
Now we can test whether two-factor authentication works.
Try connecting to the server over SSH
Enter the following command in a terminal to try connecting to the server over SSH:
ssh username@your_server_ip
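Note that username is your user name on the server and your_server_ip is the server's IP address.
Enter the password
When prompted for a password, type your password and press Enter.
Enter the token code
Next, you will be prompted for the token code. Enter the code appropriate to the type of token you use and press Enter.
If the token code you entered is correct, you will be logged in to the server.
4. Summary
By using two-factor authentication to secure access to a CentOS server, we can increase the server's security. This article explained how to configure two-factor authentication on a CentOS server and provided the corresponding code examples. We hope it helps you better protect access to your server.
References: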
https://www.tecmint.com/secure-ssh-with-two-factor-authentication-in-centos/
ÒÔÉϾÍÊÇÔõÑùʹÓÃË«ÒòËØÉí·ÝÑéÖ¤±£»¤CentOSЧÀÍÆ÷µÄ»á¼ûÇå¾²µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡