安装google-authenticator实现动态密码
2014-05-23 17:34
267 查看
1、依赖包安装:
SSH登录时调用google-authenticator模块,编辑添加如下内容:
UsePAM yes
/etc/init.d/sshd restart 4、然后使用Google-authenticator命令创建随机密码,操作如下(默认都是y):[root@clone2 libpam]# google-authenticator
Do you want authentication tokens to be time-based (y/n) y https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%3DZSQBUSM3WEXZDQRR Your new secret key is: ZSQBUSM3WEXZDQRR
Your verification code is 198178
Your emergency scratch codes are:
16050151
22929943
74444984
23544107
20880478
Do you want me to update your "/root/.google_authenticator" file (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y · 其中,· https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%· 上述链接可以直接用手机客户端扫描,进行配置。然后就可以在手机上安装google-authenticator客户端,通过输入私钥即可实时显示密码
以后再远程登录的时候就会弹出验证码,而要输入客户端上实时产生的动态验证码才能进行登录;§ 注释:终端登录的时候secureCRT或者xshell不要用password方式直接登录,应选择==键盘交互==鉴权方式登录
yum -y install mercurial pam-devel2、安装Google Authenticator:
git clone https://code.google.com/p/google-authenticator/ cd google-authenticator/google-authenticator/libpam make && make install
[ libpam]# make install cp pam_google_authenticator.so /lib64/security cp google-authenticator /usr/local/bin3、编辑ssh相关配置文件(认证等)
SSH登录时调用google-authenticator模块,编辑添加如下内容:
vi /etc/pam.d/sshd
auth required pam_google_authenticator.so修改SSH配置文件:vim /etc/ssh/sshd_config添加或修改以下内容:ChallengeResponseAuthentication yes
UsePAM yes
/etc/init.d/sshd restart 4、然后使用Google-authenticator命令创建随机密码,操作如下(默认都是y):[root@clone2 libpam]# google-authenticator
Do you want authentication tokens to be time-based (y/n) y https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%3DZSQBUSM3WEXZDQRR Your new secret key is: ZSQBUSM3WEXZDQRR
Your verification code is 198178
Your emergency scratch codes are:
16050151
22929943
74444984
23544107
20880478
Do you want me to update your "/root/.google_authenticator" file (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y · 其中,· https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@clone2%3Fsecret%· 上述链接可以直接用手机客户端扫描,进行配置。然后就可以在手机上安装google-authenticator客户端,通过输入私钥即可实时显示密码
以后再远程登录的时候就会弹出验证码,而要输入客户端上实时产生的动态验证码才能进行登录;§ 注释:终端登录的时候secureCRT或者xshell不要用password方式直接登录,应选择==键盘交互==鉴权方式登录
相关文章推荐
- 安装google-authenticator实现动态密码
- cygwin安装sshd服务并实现无密码登录
- 安装配置ssh并实现无密码登录
- Android实现APP安装后动态更换Icon和名称(即一个App多种入口)
- mac 环境下 安装ga-cmd,命令行自动获取 google authenticator code
- Android用SharedPreferences保存数据实现注册和登录功能(首次安装默认打开注册,记住密码)
- 使用JS实现的可变动态密码输入键盘控件源代码
- Android实现动态显示或隐藏密码输入框的内容
- 用ASP.NET做项目,本本上的系统是XP,网上下载了IIS6,安装完后出现HTTP500问题,解决之.接着出现了浏览页面时跳出登陆框让输用户名及密码,GOOGLE了一下,原来是权限不够,解决方法
- Android 实现密码输入框动态明文/密文切换显示效果
- JavaScript实现获取动态密码倒计时效果demo
- 宁盾动态密码认证实现企业交换机、路由器等网络设备安全管理方案
- 【Android】实现动态显示隐藏密码输入框的内容
- 【Android】实现动态显示隐藏密码输入框的内容
- 在debian上安装google-authenticator(ssh双重认证)
- Lamp安装与实现动态网页案例(一)
- NSIS:使用PassDialog插件实现密码安装(卸载)功能
- Android实现动态显示或隐藏密码输入框的内容
- Linux实现ssh双因子登陆,with Google Authenticator
- android之EditText实现动态显示隐藏密码输入框的内容(实用)