Secure login with key for SSH [Ssh+pam+putty]
Author: Shaozong [Scott Siu]E-mail:scottsiuzs@gmail.comHave seen a lot about SSH key to log in the article, a lot of points in the incomplete, I am here to tidy up.System PlatformServer: SLES 9.3Client: Window XPRHEL 4 as 4.0Notes1. Putty Generation Key (Window)Download th
Vim/etc/pam. d/sshd
Add auth required pam_listfile.so item = user sense = deny file =/etc/sshdusers onerr = succeed to the first line. Note that the execution order in pam is the top priority.
Vim/etc/sshdusers
Add root wp to the file. root and wp are two local users.
Service sshd restart
Test on another terminal
[Root @ clone2 ~] # Ssh clone1.rhel.comA root@clon
Use pam chroot to restrict logon to users through SSH
Many netizens have written a lot of articles about how to use pam chroot to restrict remote login user access. However, there are still some problems, resulting in unavailability, it helps you learn how to use the pam_chroot module in ssh.The PAM mechanism in Linux
Linux Security applicationsSSH access controlTCP Wrappers ProtectionPam Pluggable AuthenticationPam Certification Case Practice?What are the pitfalls of SSH login?Insecure network environmentPassword sniffingKeyboard recordmalicious guessing and attackingAccount EnumerationBrute Force password?Improve the safety of SHHEnable SSH blacklist, whitelistAllow only, deny onlyVerifying client KeysClient storage pr
Problem Background:
To enhance the security of linux servers, it is required that the specified user can only work in the specified directory after logging on from ssh and can only run the specified command or script
Solution:
Modify the ssh logon authentication method
[Root @ localhost ~] # Vi/etc/pam. d/sshd
# % PAM
0x00 PAM Introduction
PAM (Pluggable Authentication Modules) is an Authentication mechanism proposed by Sun. It provides dynamic link libraries and a set of unified APIs to separate the services provided by the system from the authentication methods of the service, this allows the system administrator to flexibly configure different authentication methods for different services as needed without changing th
Linux Pampam back door I'm chaps.2014/03/24 11:080x00 Pam Introduction
PAM (pluggable authentication Modules) is a certification mechanism presented by Sun. It separates the services provided by the system and the authentication of the service by providing some dynamic link libraries and a unified set of APIs, allowing system administrators the flexibility to configure different authentication methods
Article Title: use PAM Authentication To enhance Linux server security. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
PAM (Pluggable Authentication Modules) Plug-in Authentication module, which is an efficient and flexible and convenient user-level Authentication metho
PAM (pluggable authentication Modules) is a pluggable authentication module that is an efficient and flexible user-level authentication method that is commonly used by Linux servers today. Of course, in different versions of the Linux system to deploy PAM certification is different, this article will take the RHEL4 version as an example to resolve.1. The need to deploy
The following content is reproduced from http://sourceforge.net/projects/pam-mysql/forums/forum/17691/topic/1322966
When I want to configure pam_mysql-0.6 (. /configure -- With-Pam =/usr/local/include/security -- With-mysql =/usr/local/bin/mysql_config), I get an error message "Configure: Error: cannot find Pam headers. please check if your system is ready for
the Panel. A dialog box appears, click "Forget Authorization" to destroy the active timestamp file.You should be aware of the following issues when working with PAM timestamp files:1, if you telnet to the system by using SSH, use the/sbin/pam_timestamp_check-k root command to destroy the timestamp file.2, the/sbin/pam_timestamp_check-k root command should be run under the same terminal window that issued t
# Ssh-l redhat 192.168.0.22 failed# Ssh-l chinaitlab 192.168.0.22 successful# W display logged-on users and the last operation
Application of pam_limits.so1. view the Help file and confirm its configuration file location and parameter mode.# Less/usr/share/doc/pam-0.99.3.0/txt/README. pam_limits
User name or group name
does not receive a logon rejection prompt.Note: If the root user uses ssh for remote connection, the root user is also limited by pam_listfile.so.In fact, the usage of the pam module is similar.To learn more about the usage of the PAM module, use man modules.Tip:If an error occurs, Linux-PAM may change the system secu
PAM (Pluggable Authentication Modules) Plug-in Authentication module, which is an efficient and flexible and convenient user-level Authentication method. It is also a common Authentication method for Linux servers. Of course, deploying PAM Authentication in Linux systems of different versions is different. This article will take RHEL4 version as an example for parsing.
1. Necessity of deploying
The system environment is CentOS 6.4. This section describes the simple configuration process of PAM (Pluggable Authentication Modules) on the ssh service.
You must first add a common user and belong to the wheel group to ensure that other users except root can log on to the system !!!!!!!
Useradd-g wheel admin
Passwd admin
1. Disable root Login
Vim/etc/ssh/sshd
/lib/security/$ISA/pam_limits.soSession required/lib/security/$ISA/pam_unix.so[Email protected] txts]# pwd/usr/share/doc/pam-0.75/txts[Email protected] txts]# more Readme.pam_nologin# $Id: Readme,v 1.1.1.1 2000/06/20 22:11:46 Agmorgan EXP $#This module always lets root in; It lets other users on only if the file/etc/nologin doesn ' t exist. In any case, if /etc/nologin exists, it ' sContents is displayed to the user.Module Services Provided:Auth _auth
Essun#echo "Essun" >/etc/sshdusersLog in with Tom UserYou can see the prompt to enter a password, when you enter the correct password will promptIt's like typing in the wrong password. When you log in using Essun, you will not be prompted to deny loginNote: If Root is also connected remotely using SSH, it will also be subject to pam_listfile.so restrictions.Actually, the PAM module uses the same routines.T
user, you will receiveThis does not only restrict the root user, but also other users can use this method to limit, when the system installation is complete, use this method to enhance security.2, pam_listfile.soOnly Essun users can log on remotely via SSHAdd a message to the/etc/pam.d/sshd file
1
auth required pam_listfile.so item=user sense=allowfile=/etc/sshdusersonerr=succeed
Add two users Essun and TomEdit file specified files, add previous user Essun
user Essun
1
#echo "essun" >/etc/sshdusers
Log in with Tom UserYou can see the prompt to enter a password, when you enter the correct password will promptIt's like typing in the wrong password. When you log in using Essun, you will not be prompted to deny loginNote: If Root is also connected remotely using SSH, it will also be subject to pam_listfile.so restrictions.Actually, the P
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.