{"id":674,"date":"2025-05-10T17:16:30","date_gmt":"2025-05-10T09:16:30","guid":{"rendered":"https:\/\/wangliguang.cn\/?p=674"},"modified":"2025-05-10T17:19:56","modified_gmt":"2025-05-10T09:19:56","slug":"%e3%80%90%e6%96%b0%e6%95%99%e7%a8%8b%e3%80%91linux%e6%9c%8d%e5%8a%a1%e5%99%a8ssh%e5%90%af%e7%94%a8%e4%b8%a4%e6%ad%a5%e9%aa%8c%e8%af%81","status":"publish","type":"post","link":"https:\/\/wangliguang.cn\/?p=674","title":{"rendered":"\u3010\u65b0\u6559\u7a0b\u3011Linux\u670d\u52a1\u5668ssh\u542f\u7528\u4e24\u6b65\u9a8c\u8bc1"},"content":{"rendered":"<h2>1 \u80cc\u666f<\/h2>\n<p>\u670d\u52a1\u5668\u88ab\u6076\u610f\u7834\u89e3\u7684\u4e8b\u4ef6\u5c42\u51fa\u4e0d\u7a77\uff0c\u4e00\u65e6\u88ab\u7834\u89e3\u5c31\u6bd4\u8f83\u9ebb\u70e6\u3002\u4e0d\u5982\u63d0\u524d\u901a\u8fc7\u7b80\u5355\u7684\u63aa\u65bd\u2014\u2014\u589e\u52a0\u4e24\u6b65\u9a8c\u8bc1\uff0c\u6765\u5927\u5927\u589e\u5f3a\u670d\u52a1\u5668\u7684\u5b89\u5168\u6027\u3002\u672c\u6559\u7a0b\u5728Debian 12.5\u3001Ubuntu 24.04\u7b49\u7cfb\u7edf\u4e0a\u6d4b\u8bd5\u901a\u8fc7\u3002<\/p>\n<h2>2 \u8be6\u7ec6\u8fc7\u7a0b<\/h2>\n<p>1\u3001\u5b89\u88c5 libpam-google-authenticator<\/p>\n<pre><code>sudo apt update\nsudo apt install libpam-google-authenticator -y<\/code><\/pre>\n<p>2\u3001\u4e3a\u6bcf\u4e2a\u7528\u6237\u751f\u6210 TOTP \u5bc6\u94a5<\/p>\n<pre><code>google-authenticator<\/code><\/pre>\n<p>3\u3001\u56de\u7b54\u663e\u793a\u7684\u95ee\u9898\uff0c\u9ed8\u8ba4y\u5c31\u53ef\u4ee5\u3002<br \/>\n4\u3001\u4f7f\u7528\u5fae\u8f6f\u6216\u8005\u8c37\u6b4c\u9a8c\u8bc1\u5668\u626b\u7801\u3002<br \/>\n5\u3001\u62cd\u7167\u8bb0\u5f55\u5e94\u6025\u9a8c\u8bc1\u7801\u3002<br \/>\n6\u3001\u914d\u7f6e PAM \u6a21\u5757\u542f\u7528 TOTP<\/p>\n<pre><code>sudo vim \/etc\/pam.d\/sshd<\/code><\/pre>\n<p>\u5728\u6587\u4ef6\u6700\u4e0a\u65b9\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<pre><code>auth required pam_google_authenticator.so nullok<\/code><\/pre>\n<p>\u5982\u679c\u5fc5\u987b\u4f7f\u7528\u4e24\u6b65\u9a8c\u8bc1\uff0c\u5219\uff1a<\/p>\n<pre><code>auth required pam_google_authenticator.so<\/code><\/pre>\n<p>\u4e0a\u8ff0\u533a\u522b\u5728\u4e8e\uff0c\u5982\u679c\u6ca1\u6709\u914d\u7f6e\u9a8c\u8bc1\u5668\uff0c\u8fd8\u80fd\u5426\u767b\u5f55\u3002\u524d\u8005\u5982\u679c\u6ca1\u6709\u914d\u7f6e\u9a8c\u8bc1\u5668\u8fd8\u53ef\u4ee5\u767b\u5f55\uff0c\u540e\u8005\u5c31\u65e0\u6cd5\u767b\u9646\u4e86\uff0c\u5fc5\u987b\u914d\u7f6e\u9a8c\u8bc1\u5668\u3002<br \/>\n7\u3001\u7f16\u8f91ssh\u914d\u7f6e\u3002<\/p>\n<pre><code>sudo vim \/etc\/ssh\/sshd_config<\/code><\/pre>\n<p>\u4fee\u6539\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<pre><code>ChallengeResponseAuthentication yes\nUsePAM yes\nPasswordAuthentication yes  # \u5982\u4f7f\u7528\u516c\u94a5\u767b\u5f55\u53ef\u4e3a no\nKbdInteractiveAuthentication yes  # \u8fd9\u4e00\u884c\u5fc5\u4e0d\u53ef\u5c11\uff0c\u5426\u5219\u4e0d\u80fd\u4f7f\u7528xshell\uff0ctermius\u7b49<\/code><\/pre>\n<p>8\u3001\u91cd\u542fssh\u670d\u52a1\uff0c\u4f7f\u4e0a\u8ff0\u914d\u7f6e\u751f\u6548\u3002<\/p>\n<pre><code>sudo systemctl restart ssh<\/code><\/pre>\n<h2>3 \u8bf4\u660e<\/h2>\n<p>\u5728\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u4e4b\u540e\u6bcf\u6b21\u767b\u5f55\u90fd\u9700\u8981\u5148\u8f93\u5165\u9a8c\u8bc1\u7801\uff0c\u7136\u540e\u518d\u8f93\u5165\u5bc6\u7801\u3002<br \/>\n\u5982\u679c\u6309\u7167\u4e0a\u8ff0\u6b65\u9aa4\u4e0d\u80fd\u6b63\u5e38\u767b\u5f55\uff0c\u8bf7\u5148\u68c0\u67e5\u4f7f\u7528\u7684ssh\u8f6f\u4ef6\uff0c\u4f7f\u7528xshell\u6216\u8005termius\u751a\u81f3\u4f7f\u7528\u7cfb\u7edf\u81ea\u5e26\u7684\u7ec8\u7aef\uff0c\u770b\u80fd\u5426\u987a\u5229\u767b\u5f55<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1 \u80cc\u666f \u670d\u52a1\u5668\u88ab\u6076\u610f\u7834\u89e3\u7684\u4e8b\u4ef6\u5c42\u51fa\u4e0d\u7a77\uff0c\u4e00\u65e6\u88ab\u7834\u89e3\u5c31\u6bd4\u8f83\u9ebb\u70e6\u3002\u4e0d\u5982\u63d0\u524d\u901a\u8fc7\u7b80\u5355\u7684\u63aa\u65bd\u2014\u2014\u589e\u52a0\u4e24\u6b65\u9a8c\u8bc1\uff0c\u6765\u5927\u5927&hellip; <a href=\"https:\/\/wangliguang.cn\/?p=674\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb <span class=\"screen-reader-text\">\u3010\u65b0\u6559\u7a0b\u3011Linux\u670d\u52a1\u5668ssh\u542f\u7528\u4e24\u6b65\u9a8c\u8bc1<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,8,14],"tags":[],"class_list":["post-674","post","type-post","status-publish","format-standard","hentry","category-diy","category-linux","category-14"],"_links":{"self":[{"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/posts\/674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=674"}],"version-history":[{"count":2,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/posts\/674\/revisions"}],"predecessor-version":[{"id":676,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=\/wp\/v2\/posts\/674\/revisions\/676"}],"wp:attachment":[{"href":"https:\/\/wangliguang.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wangliguang.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}