Linux SSH service open key and password authentication

Source: Internet
Author: User

Tag: His use ASC implements RTU Tunnel Gateway amp FTP

Problem Description:

Implement Linux key and password authentication simultaneously

Solution:

Vim/etc/ssh/sshd_config

Basic parameters:

Permitrootlogin Yes         #允许root认证登录
Passwordauthentication Yes  #允许密码认证

Rsaauthentication Yes #秘钥认证
Pubkeyauthentication Yes   
Detailed parameter list
[Email protected] ~]# cat/etc/ssh/sshd_config # $OpenBSD: Sshd_config,v1.80  -/ -/ Geneva  Geneva: -: -djm Exp $# This isThe SSHD server system-wide configuration file. see# Sshd_config (5) forMore information.# This sshd is compiled with PATH=/usr/local/bin:/bin:/usr/bin# the strategy used forOptionsinchThedefaultsshd_config shipped with# OpenSSH isTo specify options with theirdefaultValuewhere# possible, but leave them commented. uncommented Options Change a#defaultvalue. #Port #ssh默认端口#AddressFamily any#ListenAddress 0.0.0.0 #绑定监听IP#ListenAddress:: # Disable Legacy (Protocol version1) SupportinchThe server for New# installations. in the future thedefaultWould change to requireExplicit# Activation of protocol1Protocol2# Hostkey forProtocol version1#HostKey/etc/ssh/ssh_host_key# Hostkeys forProtocol version2#HostKey/etc/ssh/Ssh_host_rsa_key#hostkey/etc/ssh/ssh_host_dsa_key# Lifetime and size of ephemeral version1Server Key#keyregenerationinterval 1h#serverkeybits1024x768# logging# Obsoletes quietmode and fascistlogging#syslogfacility authsyslogfacility authpriv#loglevel INFO# Authentication: #LoginGraceTime 2m#PermitRootLogin yes #允许root认证登录#StrictModes yes#maxauthtries6#MaxSessionsTen#RSAAuthentication Yes #秘钥认证 #pubkeyauthentication yes#authorizedkeysfile. ssh/ authorized_keys #默认公钥存放的位置#AuthorizedKeysCommand none#authorizedkeyscommandrunas nobody# for ThisTo work you'll also need host keysinch/etc/ssh/ssh_known_hosts#rhostsrsaauthentication no# Similar forProtocol version2#HostbasedAuthentication no# change to YesifYou don'T Trust ~/.ssh/known_hosts for# rhostsrsaauthentication and hostbasedauthentication#ignoreuserknownhosts no# Don'T read the user'S ~/.rhosts and ~/. shosts files#ignorerhosts yes# To disable tunneled clear text passwords!#PasswordAuthentication yes#permitemptypasswords Nopasswordauthentication yes #允许密码认证# change to No Disable S/key passwords#challengeresponseauthentication yeschallengeresponseauthentication no# Kerberos options# Kerberosauthentication no#kerberosorlocalpasswd yes#kerberosticketcleanup Yes#kerberosgetafstoken no# Kerberosusekuserok yes# GSSAPI options#gssapiauthentication nogssapiauthentication yes#gssapicleanupcredentials Yesgssapicleanupcredentials yes#gssapistrictacceptorcheck yes#gssapikeyexchange no# Set ThisTo'Yes'to enable PAM authentication, account processing, # and session processing. If This  isenabled, PAM authentication'll # be allowed through the challengeresponseauthentication and# passwordauthentication  . Depending on your Pam configuration,# PAM authentication via challengeresponseauthentication may bypass# the setting of 
    "Permitrootlogin Without-password". # If You just want the PAM account and session checks to run without# PAM authentication, then enable ThisButSetpasswordauthentication# and Challengeresponseauthentication to'No'. #UsePAM nousepam yes# Accept locale-related environment variablesacceptenv LANG lc_ctype lc_numeric lc_time lc_collate lc_monetary LC_MESSAGESACCEPTENV Lc_paper lc_name lc_address lc_telephone lc_measurementacceptenv lc_identification LC_ALL LANGUAGEAcceptEnv XMODIFIERS #AllowAgentForwarding yes#allowtcpforwarding yes#gatewayports no#x11forwarding nox11forwarding yes#x11displayoffset Ten#X11UseLocalhost yes#printmotd yes#printlastlog yes#tcpkeepalive yes#uselogin no#useprivilegeseparation yes# Permituserenvironment no#compression Delayed#clientaliveinterval0#ClientAliveCountMax3#ShowPatchLevel No#usedns yes#pidfile/var/run/sshd.pid#maxstartupsTen: -: -#PermitTunnel no#chrootdirectory none# nodefaultBanner Path#banner none#Override defaultof no Subsystemssubsystem sftp/usr/libexec/openssh/sftp-server# Example of overriding settings on a per-user Basis#match user anoncvs# x11forwarding no# allowtcpforwarding no# forcecommand CVS Server

Related articles:

Putty SSH key login using: http://www.cnblogs.com/xiaochina/p/5793940.html

Ssh_config and Sshd_config but don't: http://www.cnblogs.com/xiaochina/p/5802008.html

SSH to login restrictions: http://www.cnblogs.com/xiaochina/p/5920057.html

Linux SSH service open key and password authentication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.