服务器二次登录验证:
站在用户的角度思考问题,与客户深入沟通,找到苏尼特左网站设计与苏尼特左网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:成都网站制作、成都网站建设、外贸营销网站建设、企业官网、英文网站、手机端网站、网站推广、国际域名空间、网页空间、企业邮箱。业务覆盖苏尼特左地区。目前比较流行的两种方式
1 Google
https://github.com/google/google-authenticator
安装 关闭 selinux git clone https://github.com/google/google-authenticator.git yum install libtool ./bootstrap.sh ./configure make && make install google-authenticator 获取私钥 客户端输入。 Do you want me to update your "/root/.google_authenticator" file (y/n) y Do you want to disallow multiple uses of the same authenticationtoken? This restricts you to one login about every 30s, but it increasesyour chances to notice or even prevent man-in-the-middle attacks (y/n) Do you want to disallow multiple uses of the same authenticationtoken? This restricts you to one login about every 30s, but it increasesyour chances to notice or even prevent man-in-the-middle attacks (y/n) y By default, tokens are good for 30 seconds. In order to compensate forpossible time-skew between the client and the server, we allow an extratoken before and after the current time. If you experience problems withpoor time synchronization, you can increase the window from its defaultsize of +-1min (window size of 3) to about +-4min (window size of17 acceptable tokens).Do you want to do so? (y/n) y If the computer that you are logging into isn't hardened against brute-forcelogin attempts, you can enable rate-limiting for the authentication module.By default, this limits attackers to no more than 3 login attempts every 30s.Do you want to enable rate-limiting (y/n) y vim /etc/pam.d/sshd 第一行添加 auth required pam_google_authenticator.so vim /etc/ssh/sshd_config 修改为 ChallengeResponseAuthentication yes service sshd restart ln -s /usr/local/lib/security/pam_google_authenticator.so pam_google_authenticator.so
通过 私钥+时间戳 算出6位验证码,客户端和服务端匹配,则通过验证。
缺点:数据明文存储本地,root账号可以看到
应用商店搜索 Google身份验证器 安装
2 洋葱
https://github.com/secken/secken-ssh
git clone https://github.com/secken/secken-ssh.git
sh dep.sh
tips
将keyboard interactive 放到第一位
通过秘钥登录的 无法进行二次验证
参考:http://36kr.com/p/532998.html
http://www.xitongzhijia.net/xtjc/20141211/32369.html
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
标题名称:二次登陆验证-创新互联
文章网址:https://www.cdcxhl.com/article20/gphco.html
成都网站建设公司_创新互联,为您提供网站导航、关键词优化、网站排名、动态网站、外贸建站、企业网站制作
声明:本网站发布的内容(图片、视频和文字)以用户投稿、用户转载内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-86922220;邮箱:631063699@qq.com。内容未经允许不得转载,或转载时需注明来源: 创新互联