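Steps to enable the SSH service
Install the SSH server and client with apt install
sudo apt install openssh-client
sudo apt install openssh-server
If you only want to log in to other machines, you only need to install the SSH client; if you want this machine to offer the SSH service, you need to install the server.
Start the SSH service
sudo systemctl start ssh.service   # start the service
ps aux | grep ssh                  # check whether it is running
If sshd appears in the output, the SSH service is running.
Once you see the service starting, it has started successfully. There are a few more commands worth remembering:
sudo service ssh status    # check the service status
sudo service ssh stop      # stop the service
sudo service ssh restart   # restart the service
Optional: allow root to log in over SSH
sudo vim /etc/ssh/sshd_config
Change PermitRootLogin prohibit-password to PermitRootLogin yes
Remember to restart ssh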
sudo systemctl restart sshd
Smart card authentication with SSH
One of the authentication methods supported by the SSH protocol is public key authentication. A public key is copied to the SSH server where it is stored and marked as authorized. The owner of the corresponding private key in the smart card can then SSH login to the server.
We will use opensc-pkcs11 on the client to access the smart card drivers, and we will copy the public key from the smart card to the SSH server to make the authentication work.
The following instructions apply to Ubuntu 18.04 and later.
Server configuration
The SSH server and client must be configured to permit smart card authentication.
Configure the SSH server
The SSH server needs public key authentication enabled in its configuration file, and it needs the user’s public key.
Ensure the server has the PubkeyAuthentication option set to ‘yes’ in its /etc/ssh/sshd_config file. In a default /etc/ssh/sshd_config in Ubuntu, the PubkeyAuthentication option is commented out. However, the default is ‘yes’. To make the setting explicit, edit the sshd_config file and set it accordingly.
PubkeyAuthentication yes
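The two sshd_config settings touched on this page (PermitRootLogin and PubkeyAuthentication) can be checked before restarting the server. The script below is an added example, not part of the original instructions: it resolves the value sshd would use when a keyword is commented out or repeated. The helper names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the effective global value of sshd_config keywords.
# sshd keeps the first value it reads for a keyword; a commented-out line
# leaves the built-in default in force. Assumes whitespace-separated
# "Keyword value" lines; Include files and Match blocks are not followed.

# effective_opt FILE KEYWORD DEFAULT   (hypothetical helper name)
effective_opt() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                  # e.g. "#PubkeyAuthentication yes"
        { k = tolower($1) }                  # keywords are case-insensitive
        k == "match" { exit }                # global section ends here
        k == key && NF >= 2 { val = $2; exit }   # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_sshd FILE: print the effective values, return 1 if anything is flagged.
audit_sshd() {
    rc=0
    root=$(effective_opt "$1" PermitRootLogin prohibit-password)
    pubkey=$(effective_opt "$1" PubkeyAuthentication yes)
    echo "PermitRootLogin=$root PubkeyAuthentication=$pubkey"
    if [ "$root" = "yes" ]; then
        echo "FLAG: root login is not restricted to keys"; rc=1
    fi
    if [ "$pubkey" != "yes" ]; then
        echo "FLAG: public key (smart card) login is disabled"; rc=1
    fi
    return "$rc"
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PubkeyAuthentication yes' \
    'PermitRootLogin prohibit-password' > "$tmp/default.conf"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' \
    'pubkeyauthentication no' > "$tmp/weak.conf"

audit_sshd "$tmp/default.conf"
audit_sshd "$tmp/weak.conf" || true
```

On a live host, sudo sshd -T prints the configuration sshd actually resolves, including Include files, and is the authoritative check.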
Restart the SSH server
sudo systemctl restart sshd
Set the public key on the server
Extract the user’s public key from the smart card on the SSH client. Use ssh-keygen to read the public key from the smart card and write it in a format consumable by SSH.
ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so > smartcard.pub
Copy this key to the SSH server.
ssh-copy-id -f -i smartcard.pub ubuntu@server-2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “smartcard.pub”
ubuntu@server-2’s password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘ubuntu@server-2’”
and check to make sure that only the key(s) you wanted were added.
Client configuration
The SSH client needs to identify its PKCS#11 provider. To do that, set the PKCS11Provider option in the ~/.ssh/config file of each user who wants to use SSH smart card login.
PKCS11Provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Use this method to enforce SSH smart card login on a per user basis.
After this step you can SSH into the server using the smart card for authentication.