我需要通过 ssh 连接到远程主机。客户端不支持 ssh 密钥方法,但能够连接到远程,但因错误“没有可用的支持的身份验证方法”而断开连接。
如何只允许客户端 A 能够连接到此远程主机 B,而不使用 ssh 密钥方法。
答案1
您可以使用Match指令 in/etc/sshd_config将密码身份验证限制为 IP 地址范围或主机通配符模式,以及用户或组(如果您愿意)。例如,以下行禁止除来自 localhost 之外的密码身份验证。
PasswordAuthentication no
Match Address 127.0.0.1,::1
PasswordAuthentication yes
答案2
如果您有权访问服务器,则可以在以下位置进行设置sshd_config:
Match Address 198.51.100.37
PasswordAuthentication yes
确保这是在结尾文件的。
如果您无权访问服务器,那么您就不走运了。
答案3
man sshd_config是你的朋友,看看 Match
Match Introduces a conditional block. If all of the criteria on the
Match line are satisfied, the keywords on the following lines
override those set in the global section of the config file,
until either another Match line or the end of the file.
The arguments to Match are one or more criteria-pattern pairs.
The available criteria are User, Group, Host, and Address. The
match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described
in the PATTERNS section of ssh_config(5).
The patterns in an Address criteria may additionally contain
addresses to match in CIDR address/masklen format, e.g.
“192.0.2.0/24” or “3ffe:ffff::/32”. Note that the mask length
provided must be consistent with the address - it is an error to
specify a mask length that is too long for the address or one
with bits set in this host portion of the address. For example,
“192.0.2.0/33” and “192.0.2.0/8” respectively.