Secure login authentication on CentOS using a YubiKey with PAM

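1. If the YubiKey still has its default settings, skip this step; otherwise configure it as follows

Download the matching YubiKey Personalization Tool: https://www.yubico.com/products/services-software/download/

After the upload completes, the result looks as shown in the figure: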

2. Install the authentication module

#yum -y install epel-release

#yum -y install pam_yubico

Confirm that the pam_yubico.so module is present in /lib64/security/ or /usr/lib64/security

3. Create the user authentication file

#touch /etc/yubikey_mappings

The format is as follows:

USER_NAME:YUBIKEY_ID[:YUBIKEY_ID2]

 

YUBIKEY_ID is the first 12 characters of the OTP

4. Edit /etc/pam.d/sshd

auth  required  pam_yubico.so id=ID  authfile=/etc/yubikey_mappings

Apply for the ID at https://upgrade.yubico.com/getapikey/

Note:

If the YubiKey is to be used for single-factor authentication, change the line to the following:

auth  sufficient  pam_yubico.so id=ID  authfile=/etc/yubikey_mappings

5. Edit /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

UsePAM yes

6. Restart the sshd service and log in to verify.
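Before the restart in step 6, the files edited in steps 3 to 5 can be checked with a script like the one below. It is an added example, not part of the original post or of pam_yubico; the function names and script name are illustrative, and it assumes the default token layout of a 44-character modhex OTP whose first 12 characters are the ID.

```sh
#!/bin/sh
# Added example: sanity checks for the files edited in steps 3 to 5.
# Function names are illustrative, not part of pam_yubico.
MODHEX='cbdefghijklnrtuv'   # the 16 characters a Yubico OTP is made of

# Print the 12-character ID of an OTP. Assumes the default token layout:
# 44 modhex characters, the first 12 being the ID used in the mapping file.
otp_public_id() {
    [ "${#1}" -eq 44 ] || return 1
    case $1 in *[!$MODHEX]*) return 1 ;; esac
    printf '%s\n' "$1" | cut -c1-12
}

# Print malformed lines (numbered) of a mapping file; succeed only if every
# non-blank line is USER:ID[:ID...] with 12-character modhex IDs.
check_mappings() {
    [ -r "$1" ] || return 2
    if grep -vnE "^([^:]+(:[$MODHEX]{12})+)?\$" "$1"; then return 1; fi
}

# Print the control flag of each pam_yubico.so auth line in a PAM file
# (the page uses "required" by default, "sufficient" for single-factor use).
pam_yubico_control() {
    awk '$1 == "auth" && $3 ~ /pam_yubico\.so$/ { print $2; n++ }
         END { exit (n == 0) }' "$1"
}

# Print the first value given for a keyword in an sshd_config file
# (sshd uses the first occurrence; keywords are case-insensitive).
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Run every check. Arguments: mapping file, PAM file, sshd_config.
preflight() {
    rc=0
    check_mappings "$1" || { echo "$1 is unreadable or malformed"; rc=1; }
    pam_yubico_control "$2" || { echo "no pam_yubico.so auth line in $2"; rc=1; }
    for k in ChallengeResponseAuthentication UsePAM; do
        [ "$(sshd_setting "$3" "$k")" = yes ] || { echo "$k is not yes"; rc=1; }
    done
    return "$rc"
}

# Usage: sh yubikey_preflight.sh MAPPINGS PAM_FILE SSHD_CONFIG
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```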

Remarks:

yum install libyubikey-devel

yum install ykclient

yum install ykpers

 

Reset

 

posted @ 2022-03-14 18:08  默读自我