SSH禁用密码验证

时间:2014-01-03 07:04:56

标签: ubuntu ssh ubuntu-12.04

我正在寻找一种方法来禁用ssh客户端访问密码提示,如上所述here

我无法禁用Root Login的password:提示。我已将sshd_config文件更改为:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

并且还更改了权限chmod 700 ~/.sshchmod 600 ~/.ssh/authorized_keys。我错过了什么?这需要我有密码吗?

详细转储:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Next authentication method: password

的/ etc / SSH / sshd_config中:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

6 个答案:

答案 0 :(得分:135)

/etc/ssh/sshd_config

中的

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no

取消注释第二行,如果需要,将yes更改为no。

然后运行

service ssh restart

答案 1 :(得分:14)

运行

service ssh restart

而不是

/etc/init.d/ssh restart

这可能有用。

答案 2 :(得分:12)

这是一个自动执行此操作的脚本

# only allow key based logins
sed -n 'H;${x;s/\#PasswordAuthentication yes/PasswordAuthentication no/;p;}' /etc/ssh/sshd_config > tmp_sshd_config
cat tmp_sshd_config > /etc/ssh/sshd_config
rm tmp_sshd_config 

答案 3 :(得分:2)

禁用SSH密码身份验证的一线工具:

res = mod.fit()
res.summary()
                            OLS Regression Results                            
==============================================================================
Dep. Variable:                      y   R-squared:                       1.000
Model:                            OLS   Adj. R-squared:                    nan
Method:                 Least Squares   F-statistic:                       nan
Date:                Sun, 30 Aug 2020   Prob (F-statistic):                nan
Time:                        14:28:28   Log-Likelihood:                 66.947
No. Observations:                   2   AIC:                            -129.9
Df Residuals:                       0   BIC:                            -132.5
Df Model:                           1                                         
Covariance Type:            nonrobust                                         
==============================================================================
                 coef    std err          t      P>|t|      [0.025      0.975]
------------------------------------------------------------------------------
x1             0.5000        inf          0        nan         nan         nan
x2             0.5000        inf          0        nan         nan         nan
x3             1.0000        inf          0        nan         nan         nan
==============================================================================
Omnibus:                          nan   Durbin-Watson:                   0.200
Prob(Omnibus):                    nan   Jarque-Bera (JB):                0.333
Skew:                           0.000   Prob(JB):                        0.846
Kurtosis:                       1.000   Cond. No.                         3.23
==============================================================================
Warnings:
[1] Standard Errors assume that the covariance matrix of the errors is correctly specified.
[2] The input rank is higher than the number of observations.
"""

答案 4 :(得分:1)

我按照以下步骤操作(对于Mac)

/etc/ssh/sshd_config

更改此

#ChallengeResponseAuthentication yes #PasswordAuthentication yes

ChallengeResponseAuthentication no PasswordAuthentication no

现在生成rsa密钥: ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa (对我来说,rsa key有效。dsa key不起作用)。

密钥将与~/.ssh/id_rsa一起在~/.ssh/id_rsa.pub中生成

现在移到.ssh文件夹:cd ~/.ssh

输入rm -rf authorized_keys(有时多个键会导致错误)。

输入vi authorized_keys

输入:wq保存此空文件

输入cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

重新启动SSH

sudo launchctl stop com.openssh.sshd sudo launchctl start com.openssh.sshd

答案 5 :(得分:-7)

这是我的教程:

以root身份登录您的计算机:

ssh-keygen -t rsa 

并将密码留空

从本地计算机:(并且您必须输入密码)

ssh root@remotemachine mkdir -p .ssh

然后:

cat .ssh/id_rsa.pub | ssh root@remotemachine 'cat >> .ssh/authorized_keys'

现在您可以在没有pw提示的情况下登录

ssh root@remotemachine

链接:http://www.linuxproblem.org/art_9.html如果您有任何问题!