Tag: His use ASC implements RTU Tunnel Gateway amp FTP
Problem Description:
Implement Linux key and password authentication simultaneously
Solution:
Vim/etc/ssh/sshd_config
Basic parameters:
Permitrootlogin Yes #允许root认证登录
Passwordauthentication Yes #允许密码认证
Rsaauthentication Yes #秘钥认证
Pubkeyauthentication Yes
Detailed parameter list
[Email protected] ~]# cat/etc/ssh/sshd_config # $OpenBSD: Sshd_config,v1.80 -/ -/ Geneva Geneva: -: -djm Exp $# This isThe SSHD server system-wide configuration file. see# Sshd_config (5) forMore information.# This sshd is compiled with PATH=/usr/local/bin:/bin:/usr/bin# the strategy used forOptionsinchThedefaultsshd_config shipped with# OpenSSH isTo specify options with theirdefaultValuewhere# possible, but leave them commented. uncommented Options Change a#defaultvalue. #Port #ssh默认端口#AddressFamily any#ListenAddress 0.0.0.0 #绑定监听IP#ListenAddress:: # Disable Legacy (Protocol version1) SupportinchThe server for New# installations. in the future thedefaultWould change to requireExplicit# Activation of protocol1Protocol2# Hostkey forProtocol version1#HostKey/etc/ssh/ssh_host_key# Hostkeys forProtocol version2#HostKey/etc/ssh/Ssh_host_rsa_key#hostkey/etc/ssh/ssh_host_dsa_key# Lifetime and size of ephemeral version1Server Key#keyregenerationinterval 1h#serverkeybits1024x768# logging# Obsoletes quietmode and fascistlogging#syslogfacility authsyslogfacility authpriv#loglevel INFO# Authentication: #LoginGraceTime 2m#PermitRootLogin yes #允许root认证登录#StrictModes yes#maxauthtries6#MaxSessionsTen#RSAAuthentication Yes #秘钥认证 #pubkeyauthentication yes#authorizedkeysfile. ssh/ authorized_keys #默认公钥存放的位置#AuthorizedKeysCommand none#authorizedkeyscommandrunas nobody# for ThisTo work you'll also need host keysinch/etc/ssh/ssh_known_hosts#rhostsrsaauthentication no# Similar forProtocol version2#HostbasedAuthentication no# change to YesifYou don'T Trust ~/.ssh/known_hosts for# rhostsrsaauthentication and hostbasedauthentication#ignoreuserknownhosts no# Don'T read the user'S ~/.rhosts and ~/. shosts files#ignorerhosts yes# To disable tunneled clear text passwords!#PasswordAuthentication yes#permitemptypasswords Nopasswordauthentication yes #允许密码认证# change to No Disable S/key passwords#challengeresponseauthentication yeschallengeresponseauthentication no# Kerberos options# Kerberosauthentication no#kerberosorlocalpasswd yes#kerberosticketcleanup Yes#kerberosgetafstoken no# Kerberosusekuserok yes# GSSAPI options#gssapiauthentication nogssapiauthentication yes#gssapicleanupcredentials Yesgssapicleanupcredentials yes#gssapistrictacceptorcheck yes#gssapikeyexchange no# Set ThisTo'Yes'to enable PAM authentication, account processing, # and session processing. If This isenabled, PAM authentication'll # be allowed through the challengeresponseauthentication and# passwordauthentication . Depending on your Pam configuration,# PAM authentication via challengeresponseauthentication may bypass# the setting of
"Permitrootlogin Without-password". # If You just want the PAM account and session checks to run without# PAM authentication, then enable ThisButSetpasswordauthentication# and Challengeresponseauthentication to'No'. #UsePAM nousepam yes# Accept locale-related environment variablesacceptenv LANG lc_ctype lc_numeric lc_time lc_collate lc_monetary LC_MESSAGESACCEPTENV Lc_paper lc_name lc_address lc_telephone lc_measurementacceptenv lc_identification LC_ALL LANGUAGEAcceptEnv XMODIFIERS #AllowAgentForwarding yes#allowtcpforwarding yes#gatewayports no#x11forwarding nox11forwarding yes#x11displayoffset Ten#X11UseLocalhost yes#printmotd yes#printlastlog yes#tcpkeepalive yes#uselogin no#useprivilegeseparation yes# Permituserenvironment no#compression Delayed#clientaliveinterval0#ClientAliveCountMax3#ShowPatchLevel No#usedns yes#pidfile/var/run/sshd.pid#maxstartupsTen: -: -#PermitTunnel no#chrootdirectory none# nodefaultBanner Path#banner none#Override defaultof no Subsystemssubsystem sftp/usr/libexec/openssh/sftp-server# Example of overriding settings on a per-user Basis#match user anoncvs# x11forwarding no# allowtcpforwarding no# forcecommand CVS Server
Related articles:
Putty SSH key login using: http://www.cnblogs.com/xiaochina/p/5793940.html
Ssh_config and Sshd_config but don't: http://www.cnblogs.com/xiaochina/p/5802008.html
SSH to login restrictions: http://www.cnblogs.com/xiaochina/p/5920057.html
Linux SSH service open key and password authentication