如何允许使用密码而不是密钥交换进行 SSH 连接。

如何允许使用密码而不是密钥交换进行 SSH 连接。

我需要通过 ssh 连接到远程主机。客户端不支持 ssh 密钥方法,但能够连接到远程,但因错误“没有可用的支持的身份验证方法”而断开连接。

如何只允许客户端 A 能够连接到此远程主机 B,而不使用 ssh 密钥方法。

答案1

您可以使用Match指令 in/etc/sshd_config将密码身份验证限制为 IP 地址范围或主机通配符模式,以及用户或组(如果您愿意)。例如,以下行禁止除来自 localhost 之外的密码身份验证。

PasswordAuthentication no
Match Address 127.0.0.1,::1
    PasswordAuthentication yes

答案2

如果您有权访问服务器,则可以在以下位置进行设置sshd_config

Match Address 198.51.100.37
PasswordAuthentication yes

确保这是在结尾文件的。

如果您无权访问服务器,那么您就不走运了。

答案3

man sshd_config是你的朋友,看看 Match

 Match   Introduces a conditional block.  If all of the criteria on the
         Match line are satisfied, the keywords on the following lines
         override those set in the global section of the config file,
         until either another Match line or the end of the file.

         The arguments to Match are one or more criteria-pattern pairs.
         The available criteria are User, Group, Host, and Address.  The
         match patterns may consist of single entries or comma-separated
         lists and may use the wildcard and negation operators described
         in the PATTERNS section of ssh_config(5).

         The patterns in an Address criteria may additionally contain
         addresses to match in CIDR address/masklen format, e.g.
         “192.0.2.0/24” or “3ffe:ffff::/32”.  Note that the mask length
         provided must be consistent with the address - it is an error to
         specify a mask length that is too long for the address or one
         with bits set in this host portion of the address.  For example,
         “192.0.2.0/33” and “192.0.2.0/8” respectively.

相关内容