Shulou(Shulou.com)06/01 Report--

This article focuses on "steps to strengthen SSH security". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn the steps to strengthen SSH security.

A configuration item, AuthenticationMethods, has been added to OpenSSH versions later than 6.2. This configuration item allows OpenSSH to specify one or more authentication methods at the same time, and only after all authentication methods are passed will the authentication be considered successful.

For example, to specify that the account must have both the specified key and the correct password to log in, it can be configured like this.

# Don't forget to turn on these authentication methods PubkeyAuthentication yes PasswordAuthentication yes AuthenticationMethods publickey,password

Note: multiple authentication methods are used to separate them.

You can also set up multiple sets of multi-factor authentication, as long as each set of authentication is separated by a space.

For example: if you want to set up the login user must have the appropriate key, and then if the user is from the credit host, let him login directly, otherwise you need to enter the password to log in. We can configure something like this:

AuthenticationMethods publickey,password publickey,hostbased

One of the disadvantages of turning on multi-factor authentication is that it is not friendly to automated scripts. Therefore, generally speaking, multi-factor authentication is used in conjunction with Match User or Match Group to restrict some users from enabling or not enabling two-factor authentication.

For example, a common scenario may be to set up multi-factor authentication for users with administrative privileges.

PubkeyAuthentication yes PasswordAuthentication yes Match Group wheel AuthenticationMethods publickey,password

Of course, you can also turn on multi-factor authentication for general users, but provide users with certain key authentication for automated scripts.

AuthenticationMethods publickey,passwordMatch User gitAuthenticationMethods publickeyForceCommand / usr/bin/git-shell-c "$SSH_ORIGINAL_COMMAND" so far, I believe you have a deeper understanding of "SSH security enhancement steps". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.