![How do I enforce a maximum authentication time in the OpenSSH configuration?](https://linux22.com/image/1703835/%E5%A6%82%E4%BD%95%E5%9C%A8%20OpenSSH%20%E9%85%8D%E7%BD%AE%E4%B8%AD%E5%BC%BA%E5%88%B6%E6%89%A7%E8%A1%8C%E6%9C%80%E5%A4%A7%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E6%97%B6%E9%97%B4%EF%BC%9F.png)
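I am trying to harden my OpenSSH server configuration by enforcing a maximum authentication time limit. However, when I tried to do this by adding the `MaxAuthAge` option to the `sshd_config` file, I got an error indicating that the option is not recognized. Despite searching the OpenSSH documentation, I could not find a direct way to set a maximum authentication time.

What is the recommended way to enforce a maximum authentication time limit in OpenSSH? Are there other methods or configurations that achieve this goal effectively? Any insights or suggestions would be appreciated.

Here is the error message I get when I try to validate the configuration: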
```
$ /usr/sbin/sshd -tT
/etc/ssh/sshd_config: line 100: Bad configuration option: MaxAuthAge
/etc/ssh/sshd_config: terminating, 1 bad configuration options
```
`sshd_config`:

```
# NAME: LALATENDU HARDENED OPENSSH CONFIGURATION
# AUTHOR: LALATENDU
# DATE CREATED: MARCH 02, 2024
# LAST UPDATED: MARCH 02, 2024
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Protocol 2
PermitRootLogin no
PermitTunnel no
Subsystem sftp internal-sftp
PasswordAuthentication no
ClientAliveInterval 180
ClientAliveCountMax 2
GatewayPorts no
DisableForwarding yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
AllowUsers lalatendu
AllowStreamLocalForwarding no
Ciphers [email protected],aes256-ctr,aes192-ctr,aes128-ctr,[email protected]
MACs [email protected],[email protected]
KexAlgorithms [email protected]
HostKeyAlgorithms [email protected],[email protected]
PubkeyAcceptedKeyTypes ssh-ed25519
MaxSessionsPerUser 2
MaxAuthTries 3
MaxSessions 2
MaxAuthAge 600
LoginGraceTime 30
MaxStartups 3:50:10
PermitEmptyPasswords no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
UsePrivilegeSeparation sandbox
StrictModes yes
X11Forwarding no
AllowTcpForwarding no
StrictModes yes
IgnoreRhosts yes
PrintMotd yes
PrintLastLog yes
Banner /etc/issue.net
Compression no
LogLevel VERBOSE
AllowAgentForwarding no
TCPKeepAlive no
UseDNS no
Match Address 192.168.1.100
AllowUsers lalatendu
PermitOpen any
PermitRootLogin no
X11Forwarding yes
PasswordAuthentication no
DenyUsers ubuntu centos admin
DenyGroups docker
```
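Added example, not part of the original post: a small Python audit that extracts the rejected keyword from `sshd -t` output like the lines quoted above, and reports the effective `LoginGraceTime`, the stock `sshd_config` keyword (already present in the posted file) that limits how long a connection may stay unauthenticated. The function names and the sample strings are constructed for illustration; only the global section of the config is read.

```python
import re

# Constructed sample: the stderr lines quoted in the question.
SSHD_T_STDERR = """\
/etc/ssh/sshd_config: line 100: Bad configuration option: MaxAuthAge
/etc/ssh/sshd_config: terminating, 1 bad configuration options
"""
# Constructed sample: a few directives from the posted config, plus a duplicate.
SAMPLE_CONFIG = """\
MaxAuthTries 3
MaxAuthAge 600
LoginGraceTime 30
LoginGraceTime 5m
Match Address 192.168.1.100
PasswordAuthentication no
"""
BAD_OPTION = re.compile(
    r"^(?P<file>.+?): line (?P<line>\d+): Bad configuration option: (?P<opt>\S+)$")
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
DEFAULT_LOGIN_GRACE = 120  # sshd default (seconds) when the keyword is absent

def rejected_options(stderr_text):
    """Return (file, line_number, keyword) for every keyword sshd -t rejected."""
    matches = (BAD_OPTION.match(line.strip()) for line in stderr_text.splitlines())
    return [(m["file"], int(m["line"]), m["opt"]) for m in matches if m]

def parse_time(value):
    """Convert an sshd time value ('30', '5m', '1h30m') to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"not an sshd time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective_login_grace(config_text):
    """Seconds sshd allows for authentication to complete (0 means no limit)."""
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # stop at the first Match block; only globals are audited
        if key == "logingracetime" and len(fields) > 1:
            return parse_time(fields[1])  # the first value obtained wins
    return DEFAULT_LOGIN_GRACE
```

On a live host, the same value can be read from the `logingracetime` line of `sshd -T` once the unrecognized keyword has been removed and the file parses cleanly.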