Google-Authenticator

SSH Google Authenticator 忽略/白名單 ip

  • April 30, 2020

我安裝了 google 身份驗證器(兩步驗證)、“libpam-google-authenticator”包,儘管它要求為每個 SSH 連接提供程式碼。我想將 localhost 和我自己的 ip 從 google 身份驗證器列入白名單,所以我和 localhost 跳過兩步驗證

或者有沒有辦法跳過某些 ips 的 SSH 挑戰?

在“/etc/pam.d/sshd”中

auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so

然後在“/etc/security/access-local.conf”

#localhost doesn't need two step verification
+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
+ : ALL : YOURIPHERE
#All other hosts need two step verification
- : ALL : ALL

不要忘記重新啟動 ssh

引用自:https://serverfault.com/questions/799657