Home > Developer > Linux

Linux SSH service open key and password authentication

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Tag: His use ASC implements RTU Tunnel Gateway amp FTP

Problem Description:

Implement Linux key and password authentication simultaneously

Solution:

Vim/etc/ssh/sshd_config

Basic parameters:

Permitrootlogin Yes         #允许root认证登录
Passwordauthentication Yes  #允许密码认证

Rsaauthentication Yes       #秘钥认证
Pubkeyauthentication Yes   
Detailed parameter list
[Email protected] ~]# cat/etc/ssh/sshd_config # $OpenBSD: Sshd_config,v1.80  -/ -/ Geneva  Geneva: -: -djm Exp $# This isThe SSHD server system-wide configuration file. see# Sshd_config (5) forMore information.# This sshd is compiled with PATH=/usr/local/bin:/bin:/usr/bin# the strategy used forOptionsinchThedefaultsshd_config shipped with# OpenSSH isTo specify options with theirdefaultValuewhere# possible, but leave them commented. uncommented Options Change a#defaultvalue. #Port #ssh默认端口#AddressFamily any#ListenAddress 0.0.0.0 #绑定监听IP#ListenAddress:: # Disable Legacy (Protocol version1) SupportinchThe server for New# installations. in the future thedefaultWould change to requireExplicit# Activation of protocol1Protocol2# Hostkey forProtocol version1#HostKey/etc/ssh/ssh_host_key# Hostkeys forProtocol version2#HostKey/etc/ssh/Ssh_host_rsa_key#hostkey/etc/ssh/ssh_host_dsa_key# Lifetime and size of ephemeral version1Server Key#keyregenerationinterval 1h#serverkeybits1024x768# logging# Obsoletes quietmode and fascistlogging#syslogfacility authsyslogfacility authpriv#loglevel INFO# Authentication: #LoginGraceTime 2m#PermitRootLogin yes #允许root认证登录#StrictModes yes#maxauthtries6#MaxSessionsTen#RSAAuthentication Yes #秘钥认证 #pubkeyauthentication yes#authorizedkeysfile. ssh/ authorized_keys #默认公钥存放的位置#AuthorizedKeysCommand none#authorizedkeyscommandrunas nobody# for ThisTo work you'll also need host keysinch/etc/ssh/ssh_known_hosts#rhostsrsaauthentication no# Similar forProtocol version2#HostbasedAuthentication no# change to YesifYou don'T Trust ~/.ssh/known_hosts for# rhostsrsaauthentication and hostbasedauthentication#ignoreuserknownhosts no# Don'T read the user'S ~/.rhosts and ~/. shosts files#ignorerhosts yes# To disable tunneled clear text passwords!#PasswordAuthentication yes#permitemptypasswords Nopasswordauthentication yes #允许密码认证# change to No Disable S/key passwords#challengeresponseauthentication yeschallengeresponseauthentication no# Kerberos options# Kerberosauthentication no#kerberosorlocalpasswd yes#kerberosticketcleanup Yes#kerberosgetafstoken no# Kerberosusekuserok yes# GSSAPI options#gssapiauthentication nogssapiauthentication yes#gssapicleanupcredentials Yesgssapicleanupcredentials yes#gssapistrictacceptorcheck yes#gssapikeyexchange no# Set ThisTo'Yes'to enable PAM authentication, account processing, # and session processing. If This  isenabled, PAM authentication'll # be allowed through the challengeresponseauthentication and# passwordauthentication  . Depending on your Pam configuration,# PAM authentication via challengeresponseauthentication may bypass# the setting of 
    "Permitrootlogin Without-password". # If You just want the PAM account and session checks to run without# PAM authentication, then enable ThisButSetpasswordauthentication# and Challengeresponseauthentication to'No'. #UsePAM nousepam yes# Accept locale-related environment variablesacceptenv LANG lc_ctype lc_numeric lc_time lc_collate lc_monetary LC_MESSAGESACCEPTENV Lc_paper lc_name lc_address lc_telephone lc_measurementacceptenv lc_identification LC_ALL LANGUAGEAcceptEnv XMODIFIERS #AllowAgentForwarding yes#allowtcpforwarding yes#gatewayports no#x11forwarding nox11forwarding yes#x11displayoffset Ten#X11UseLocalhost yes#printmotd yes#printlastlog yes#tcpkeepalive yes#uselogin no#useprivilegeseparation yes# Permituserenvironment no#compression Delayed#clientaliveinterval0#ClientAliveCountMax3#ShowPatchLevel No#usedns yes#pidfile/var/run/sshd.pid#maxstartupsTen: -: -#PermitTunnel no#chrootdirectory none# nodefaultBanner Path#banner none#Override defaultof no Subsystemssubsystem sftp/usr/libexec/openssh/sftp-server# Example of overriding settings on a per-user Basis#match user anoncvs# x11forwarding no# allowtcpforwarding no# forcecommand CVS Server

Related articles:

Putty SSH key login using: http://www.cnblogs.com/xiaochina/p/5793940.html

Ssh_config and Sshd_config but don't: http://www.cnblogs.com/xiaochina/p/5802008.html

SSH to login restrictions: http://www.cnblogs.com/xiaochina/p/5920057.html

Linux SSH service open key and password authentication

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ssh key and password ssh config key authentication ssh key authentication centos disable password authentication ssh es ssh key authentication work ssh key linux login import ssh key linux

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More