Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to enable multi-factor authentication under OpenSSH". In daily operation, I believe many people have doubts about how to enable multi-factor authentication under OpenSSH. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts of "how to enable multi-factor authentication under OpenSSH". Next, please follow the editor to study!

A configuration item, AuthenticationMethods, has been added to OpenSSH versions later than 6.2. This configuration item allows OpenSSH to specify one or more authentication methods at the same time, and only after all authentication methods are passed will the authentication be considered successful.

For example, to specify that the account must have both the specified key and the correct password to log in, it can be configured like this.

# Don't forget to turn on these authentication methods PubkeyAuthentication yes PasswordAuthentication yes AuthenticationMethods publickey,password

Note: multiple authentication methods are used to separate them.

You can also set up multiple sets of multi-factor authentication, as long as each set of authentication is separated by a space.

For example: if you want to set up the login user must have the appropriate key, and then if the user is from the credit host, let him login directly, otherwise you need to enter the password to log in. We can configure something like this:

AuthenticationMethods publickey,password publickey,hostbased

One of the disadvantages of turning on multi-factor authentication is that it is not friendly to automated scripts. Therefore, generally speaking, multi-factor authentication is used in conjunction with Match User or Match Group to restrict some users from enabling or not enabling two-factor authentication.

For example, a common scenario may be to set up multi-factor authentication for users with administrative privileges.

PubkeyAuthentication yes PasswordAuthentication yes Match Group wheel AuthenticationMethods publickey,password

Of course, you can also turn on multi-factor authentication for general users, but provide users with certain key authentication for automated scripts.

AuthenticationMethods publickey,password Match User git AuthenticationMethods publickey ForceCommand / usr/bin/git-shell-c "$SSH_ORIGINAL_COMMAND" so far, the study on "how to enable multi-factor authentication under OpenSSH" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.