• Enabling two-factor authentication for OpenSSH (sshd)

    Add the following options to /etc/ssh/sshd_config to enable two-factor authentication:

        # Require public key *and* password authentication. Without this, a valid public
        # key would bypass the Yubikey requirement.
        AuthenticationMethods publickey,password
        # Enable the password authentication backend.
        PasswordAuthentication yes
        # Disable the keyboard-interactive mode which could be used to ask for the
        # password.
        ChallengeResponseAuthentication no
        # Enable PAM integration for authentication as this is the system that Yubikey
        # integrates with.
        UsePAM yes

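    If you need to log in as root, add or modify the PermitRootLogin option in the same file, replacing prohibit-password with yes. With prohibit-password, sshd refuses password authentication for root, so root could never complete the password step that AuthenticationMethods now requires.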

        # Enable root login via ssh.
        PermitRootLogin yes

    Restart the ssh service; this does not interrupt your existing sessions.

        service ssh restart
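
One way to confirm that the settings above are what sshd actually enforces, as an added example that is not part of the original page: the function reads an effective-configuration dump in the format printed by `sshd -T` and fails if any way of logging in skips a factor. The function name `check_2fa_config` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads a dump in the format printed by `sshd -T` (one
# lowercase "keyword value" pair per line) on stdin and exits non-zero if
# the two-factor settings described above are not in force.
check_2fa_config() {
    awk '
    function need(k, want) {
        if (val[k] != want) {
            printf "FAIL: %s is \"%s\", expected \"%s\"\n", k, val[k], want
            bad = 1
        }
    }
    NF >= 1 { key = tolower($1); $1 = ""; sub(/^ +/, ""); val[key] = tolower($0) }
    END {
        # AuthenticationMethods may hold several space-separated lists and a
        # client only has to satisfy one of them, so every list must contain
        # both publickey and password or the second factor can be skipped.
        n = split(val["authenticationmethods"], alts, " ")
        if (n == 0) { print "FAIL: authenticationmethods is not set"; bad = 1 }
        for (i = 1; i <= n; i++) {
            m = "," alts[i] ","
            if (!index(m, ",publickey,") || !index(m, ",password,")) {
                printf "FAIL: list \"%s\" lacks publickey or password\n", alts[i]
                bad = 1
            }
        }
        need("passwordauthentication", "yes")
        need("usepam", "yes")
        # Depending on the OpenSSH version the dump names this option
        # kbdinteractiveauthentication or challengeresponseauthentication.
        k = "challengeresponseauthentication"
        if ("kbdinteractiveauthentication" in val) k = "kbdinteractiveauthentication"
        need(k, "no")
        exit bad + 0
    }'
}

# Constructed sample dumps (not taken from a real host).
sample_ok='authenticationmethods publickey,password
passwordauthentication yes
kbdinteractiveauthentication no
usepam yes'
sample_weak='authenticationmethods publickey,password publickey
passwordauthentication yes
kbdinteractiveauthentication no
usepam yes'
printf '%s\n' "$sample_ok" | check_2fa_config && echo "sample_ok: settings in force"
printf '%s\n' "$sample_weak" | check_2fa_config || echo "sample_weak: rejected"
```

On a live host, run it as `sshd -T | check_2fa_config` with root privileges before restarting the service.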