我无法解释我的Lightsail实例。我将SSH配置为不仅要求密钥,而且要求硬件令牌。我已经使用了几个月,但是最近重新启动后,它不再接受我的硬件令牌。
与Amazon的联系显示,在创建失败实例的快照后,可以在第一次运行时将一次性启动脚本插入实例。鉴于这一事实,我编写了一个简单的脚本来将/etc/pam.d/sshd和/ etc / ssh / sshd_config更改为仅要求提供密钥证书。
这是问题所在,无论我尝试什么,似乎启动脚本都被完全忽略了。我什至将输出写到html文件中以查看发生了什么,但是它永远不存在。这是我的启动脚本:
#!/bin/bash
#Test to see if script executed & create file
/bin/echo "Script Running" > /var/www/html/games/public/script.html
#Remove yubico
/usr/bin/apt remove --purge libpam-yubico >> /var/www/html/psychoticgames/public/script.html
#Correct Pam files to remove yubikey
/bin/grep "#@" /etc/pam.d/sshd | /usr/bin/tr -d '#' | /bin/grep -v "^$" | /bin/grep -v "yubi"> /etc/pam.d/sshd.new
/bin/grep -v "#" /etc/pam.d/sshd | /bin/grep -v "^$" | /bin/grep -v "yubi">> /etc/pam.d/sshd.new
/bin/mv /etc/pam.d/sshd /etc/pam.d/sshd.bak
/bin/mv /etc/pam.d/sshd.new /etc/pam.d/sshd
/bin/grep "#@" /etc/pam.d/sudo | /usr/bin/tr -d '#' | /bin/grep -v "^$" | /bin/grep -v "yubi"> /etc/pam.d/sudo.new
/bin/grep -v "#" /etc/pam.d/sudo | /bin/grep -v "^$" | /bin/grep -v "yubi">> /etc/pam.d/sudo.new
/bin/mv /etc/pam.d/sudo /etc/pam.d/sudo.bak
/bin/mv /etc/pam.d/sudo.new /etc/pam.d/sudo
#Test to see if script PAM complete
/bin/echo "Script Pam Complete" >> /var/www/html/games/public/script.html
#Correct /etc/ssh/sshd_config to not ask for Yubikey
/usr/bin/find /etc/ssh/sshd_config -type f -exec sed -i 's/ChallengeResponseAuthentication yes/#ChallengeResponseAuthentication yes/g' {} \;
/usr/bin/find /etc/ssh/sshd_config -type f -exec sed -i 's/AuthenticationMethods/#AuthenticationMethods/g' {} \;
#Test to see if script complete
/bin/echo "Script Complete" >> /var/www/html/games/public/script.html
/bin/chown ubuntu:www-data /var/www/html/games/public/script.html
/bin/chmod 644 /var/www/html/games/public/script.html
service ssh restart
我能想到的是,启动脚本是Amazon可以打开的东西,还是这种格式不正确。作为bash脚本,它可以在我的测试机上正常运行,所以我不知道LightSail会忽略它。