Two-Factor Login Verification
2016-05-13 08:44
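Two-factor login verification for servers: two approaches are currently popular.

1 Google https://github.com/google/google-authenticator
A 6-digit verification code is computed from the secret key plus a timestamp; if the client's and the server's codes match, verification passes. Drawback: the data is stored locally in plaintext, and the root account can read it. To install the client, search the app store for Google Authenticator (Google身份验证器).

2 Yangcong (洋葱) https://github.com/secken/secken-ssh
git clone https://github.com/secken/secken-ssh.git
sh dep.sh

Tip: put keyboard interactive first in the authentication order.
Logins that use key authentication cannot go through second-factor verification.

References: http://36kr.com/p/532998.html http://www.xitongzhijia.net/xtjc/20141211/32369.html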
Installing google-authenticator

Disable SELinux, then build and install:

git clone https://github.com/google/google-authenticator.git
yum install libtool
./bootstrap.sh
./configure
make && make install
google-authenticator

Obtain the secret key and enter it in the client. Then answer the prompts:

Do you want me to update your "/root/.google_authenticator" file (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, tokens are good for 30 seconds. In order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with
poor time synchronization, you can increase the window from its default
size of +-1min (window size of 3) to about +-4min (window size of
17 acceptable tokens).
Do you want to do so? (y/n) y

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y

vim /etc/pam.d/sshd
Add as the first line:
auth required pam_google_authenticator.so

vim /etc/ssh/sshd_config
Change to:
ChallengeResponseAuthentication yes

service sshd restart
ln -s /usr/local/lib/security/pam_google_authenticator.so pam_google_authenticator.so
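The "secret key + timestamp" code and the three options answered in the prompts above (no token reuse, window size, rate limiting) can be seen together in a small server-side check. This is an added example, not code from google-authenticator; it assumes standard TOTP (RFC 6238, HMAC-SHA1, 30-second step), the class and parameter names are hypothetical, and the rate limit is simplified to a counter per 30-second step.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds a token is valid, as stated in the prompt text


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical server-side check mirroring the three prompt options."""

    def __init__(self, secret_b32, window=3, max_attempts=3):
        self.secret = secret_b32
        self.skew = window // 2      # window 3 -> +-1 step, 17 -> +-8 steps
        self.max_attempts = max_attempts
        self.used = set()            # counters already accepted once
        self.bucket, self.tries = None, 0

    def verify(self, code, now):
        current = int(now) // STEP
        # Rate limiting (simplified): at most max_attempts per time step.
        if current != self.bucket:
            self.bucket, self.tries = current, 0
        self.tries += 1
        if self.tries > self.max_attempts:
            return False
        # Accept the current step and its neighbours to absorb clock skew.
        for counter in range(max(0, current - self.skew), current + self.skew + 1):
            if counter in self.used:
                continue             # a token is good for one login only
            expected = hotp(self.secret, counter)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.used.add(counter)
                return True
        return False


# Constructed sample: the RFC 6238 test secret "12345678901234567890" in Base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```
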