Shulou(Shulou.com)06/01 Report--

Server secondary login authentication:

Two popular ways at present

1 Google

Https://github.com/google/google-authenticator

Install and close selinuxgit clone https://github.com/google/google-authenticator.gityum install libtool. / bootstrap.sh. / configure make & & make install google-authenticator to obtain private key client input. Do you want me to update your "/ root/.google_authenticator" file (yzone) yDo you want to disallow multiple uses of the same authenticationtoken? This restricts you to one login about every 30s, but it increasesyour chances to notice or even prevent man-in-the-middle attacks (yzone) Do you want to disallow multiple uses of the same authenticationtoken? This restricts you to one login about every 30s, but it increasesyour chances to notice or even prevent man-in-the-middle attacks (Yzone) yBy default, tokens are good for 30 seconds. In order to compensate forpossible time-skew between the client and the server, we allow an extratoken before and after the current time. If you experience problems withpoor time synchronization, you can increase the window from its defaultsize of +-1min (window size of 3) to about +-4min (window size of17 acceptable tokens). Do you want to do so? (YPO) yIf the computer that you are logging into isn't hardened against brute-forcelogin attempts, you can enable rate-limiting for the authentication module.By default, this limits attackers to no more than 3 login attempts every 30s.Do you want to enable rate-limiting (YSEO) y vim / etc/pam.d/sshd first line add auth required pam_google_authenticator.so vim / etc/ssh/sshd_config to ChallengeResponseAuthentication yes service sshd restartln-s / usr/local/lib/security/pam_google_authenticator.so pam_google_authenticator.so

The 6-bit verification code is calculated through the private key + timestamp, and the client and the server match, then the verification is passed.

Disadvantages: the data is stored locally in plaintext and can be seen by root account.

Application Store search for Google authenticator installation

2 onions

Https://github.com/secken/secken-ssh

Git clone https://github.com/secken/secken-ssh.git

Sh dep.sh

Tips

Put keyboard interactive in the first place

Login via secret key cannot be verified twice.

Reference: http://36kr.com/p/532998.html

Http://www.xitongzhijia.net/xtjc/20141211/32369.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.