我已经将 google-authenticator 设置为 2FA 和公钥身份验证。我需要的是从特定 IP 通过 SSH 连接时跳过 2FA。
我正在运行 Ubuntu 18.04。
/etc/pam.d/sshd 的相关代码片段
# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
#@include common-auth
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so
# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so
# Standard Un*x authorization.
@include common-account
/etc/security/access-local.conf
#localhost doesn't need two step verification
+ : ALL : 192.168.1.20
#All other hosts need two step verification
- : ALL : ALL
/etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
AuthenticationMethods publickey,keyboard-interactive:pam
/etc/ssh/ssh_known_hosts
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
结果
Permission denied (keyboard-interactive).
每次更改后我都重新启动 sshd,甚至尝试重新启动机器。
在将其标记为重复之前,我尝试了所有这些答案,但似乎都不起作用,互联网上还有其他一些资源:
SSH Google Authenticator 忽略/白名单 ips
此时我不确定我错过了什么。
编辑:我修改了问题,原来的问题是从本地主机连接,正如 michael-hampton 在评论中指出的那样,这是没用的。谢谢。