ユーザーがSSHにログインするのを防ぐ他の設定はありますか?

tag-icon tag-icon linux ssh
ユーザーがSSHにログインするのを防ぐ他の設定はありますか?

したがって、リモートLinuxサーバーには2人のユーザーがいます:、とuserA同じ方法でuserBローカルを追加しました。id_rsa.puファイル権限と所有権は大丈夫ですが、そうすれば次のようになります。authorized_keysssh remoteServeruserAuserB

これはログですssh -vvv

良いもの:ssh -vvv userA@ip

debug2: key: /Users/sato/.ssh/id_rsa (0x7fac52415cc0), explicit
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:****************************************** /Users/sato/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:*******************************************
debug1: Authentication succeeded (publickey).
Authenticated to *************** (*********************).

悪い点:ssh -vvv userB@ip

debug2: key: /Users/sato/.ssh/id_rsa (0x7faf19c186a0), explicit
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:****************************************** /Users/sato/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
********************: Permission denied (publickey,keyboard-interactive).

userBでログインできないのはなぜですか?

# ls -ld /home/userB
drwxr-xr-x 7 userB userB 4096 2018-03-29 18:29 /home/userB
# ls -ld /home/userB/.ssh/
drwx------ 2 userB userB 4096 2018-03-30 10:45 /home/userB/.ssh/
# ls -l /home/userB/.ssh/
total 16
-rw------- 1 userB userB  805 2018-03-30 10:45 authorized_keys
-rw------- 1 userB userB 1675 2018-02-15 16:15 id_rsa
-rw-r--r-- 1 userB userB  400 2018-02-15 16:15 id_rsa.pub
-rw-r--r-- 1 userB userB 1300 2018-02-15 16:27 known_hosts

# ls -ld /home/userA
drwxr-xr-x 21 userA userA 4096 2018-03-21 16:13 /home/userA
# ls -ld /home/userA/.ssh/
drwx------ 2 userA userA 4096 2018-03-30 10:45 /home/userA/.ssh/
# ls -l /home/userA/.ssh/
total 128
-rw------- 1 userA userA    805 2018-03-30 10:45 authorized_keys
-rw------- 1 userA userA   3243 2018-01-05 17:09 id_rsa
-rw-r--r-- 1 userA userA    747 2018-01-05 17:09 id_rsa.pub
-rw-r--r-- 1 userA userA 104246 2018-03-06 15:09 known_hosts

sshd_config:

HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts no
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
SyslogFacility AUTH
LogLevel VERBOSE
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no

ベストアンサー1

おすすめ記事