安装epel包
dnf -y install epel-release安装 Google 两步认证模块
dnf -y install google-authenticator qrencode配置Google 两步认证
sudo vi /etc/pam.d/sshd
#在文件末尾添加
auth required pam_google_authenticator.so
sudo vi /etc/ssh/sshd_config
#设置 防止某些人恶意试探密码
ChallengeResponseAuthentication yes
google-authenticator用手机google-authenticator 扫描生成的二维码 绑定两步验证
绑定好 生成的验证码 输入提示框
后续刷出的选项为了安全 全部选择 Y
- Use “time-based” time-based tokens: **yes **
- Update the
.google_authenticatorfile: yes - Disallow multiple uses of the same authentication token: yes
- Increase the original generation time limit: yes
- Enable rate-limiting: yes
Your emergency scratch codes are:
这个紧急救援备份密匙 备份保存下