Sniffing, traffic monitoring with tools such as Colasoft, and social engineering attacks are all popular these days. What should we do? A fixed password is far too insecure. The one-time password mechanism that has existed in FreeBSD for many years is simple and practical, so let's get to know it.
First, we need to initialize the first one-time password with the command: opiepasswd -c -f
The "know ira fur mesh san bill" shown above (note that the spaces between the words must be kept and cannot be omitted) is the first one-time password we get. It is number 499 for the seed xi9933, and the corresponding account is root!
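Now let's generate a large batch of passwords, then write them down or send them to a secure email account so they can be looked up whenever needed. The command is: opiekey -f -n 10 498 xi9933 (note that -n 10 generates 10 passwords, 498 is the number of the last password, and xi9933 is the seed from initialization)
Now 10 passwords have been generated; generate more if that is not enough. Also, the secret pass phrase entered at the "Enter secret pass phrase" prompt must be exactly the same as the one used at initialization!!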
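Why the numbers count down from 499 and why a sniffed password is useless afterwards, as an added example (not from the original post, and not OPIE's own code). It follows the RFC 2289 MD5 computation but keeps the passwords as raw 64-bit values instead of six-word form; the pass phrase, the Server class and the function names are made up for illustration.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """MD5, then fold 128 bits to 64 by XORing the two halves (RFC 2289)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, seq: int) -> bytes:
    """One-time password number `seq`: the initial hash plus `seq` more hashes."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

def batch(passphrase: str, seed: str, last_seq: int, count: int) -> dict:
    """Like `opiekey -n count last_seq seed`: numbers last_seq-count+1 .. last_seq."""
    first = last_seq - count + 1
    return {n: otp(passphrase, seed, n) for n in range(first, last_seq + 1)}

class Server:
    """Holds only the last accepted password and its number, never the pass phrase."""
    def __init__(self, seq: int, stored: bytes):
        self.seq, self.stored = seq, stored

    def login(self, response: bytes) -> bool:
        # The expected response is password seq-1: hashing it once more
        # must reproduce the stored password number seq.
        if self.seq <= 1 or fold_md5(response) != self.stored:
            return False
        self.seq, self.stored = self.seq - 1, response  # step down the chain
        return True

def demo():
    phrase, seed = "constructed example phrase", "xi9933"  # phrase is made up
    server = Server(499, otp(phrase, seed, 499))  # state right after initialization
    sheet = batch(phrase, seed, 498, 10)          # passwords 489..498
    first = server.login(sheet[498])    # True: next password in the chain
    replay = server.login(sheet[498])   # False: a captured password is already spent
    second = server.login(sheet[497])   # True: the counter has moved down to 497
    return sorted(sheet), first, replay, second

if __name__ == "__main__":
    numbers, first, replay, second = demo()
    print(numbers[0], "-", numbers[-1], first, replay, second)
```

Because each password is the hash of the one with the next lower number, an eavesdropper who captures number 498 cannot derive 497 without inverting the hash.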
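Now our FreeBSD has two password login mechanisms: the traditional UNIX mechanism and OPIE. How do we restrict which computers use which mechanism? There is already a control file for this in the /etc directory, the opieaccess file. By default, both mechanisms work for local logins, while all remote hosts can only log in using OPIE. You can open this file and add IP addresses to permit or deny UNIX logins!
Also, to set up one-time passwords for other accounts, just switch to that user and follow the same method. If you initialize over ssh, do not add the -c parameter; just run opiepasswd -f!
OK, after half an hour of work, security has improved a great deal. It was worth it, time for a rest!!
Excerpted from the blog 清蒸BSD红烧LINUX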