SSH configuration
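# Uncomment and tighten the sshd_config defaults non-interactively.
# The heredoc delimiter is quoted so the shell does not expand $ in the ex
# commands; :%s applies each substitution to every line of the file.
vim /etc/ssh/sshd_config <<'VIM' > /dev/null 2>&1
:%s/#LoginGraceTime 2m/LoginGraceTime 2m/
:%s/#PermitRootLogin yes/PermitRootLogin no/
:%s/#MaxAuthTries 6/MaxAuthTries 3/
:%s@^#AuthorizedKeysFile.*@AuthorizedKeysFile /dev/null@
:%s/GSSAPIAuthentication yes/GSSAPIAuthentication no/
:%s/GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/
:wq
VIM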
Disable key-based (certificate) login: AuthorizedKeysFile /dev/null
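The vim substitutions above run with their output discarded, so a pattern that does not match fails silently. The following added example (not part of the original page) audits a config file against the six values set above; the function names and the sample file are hypothetical, and it assumes whitespace-separated "Keyword value" lines with no Match blocks.

```shell
#!/bin/bash
# Added example, not from the original page. Function names and the sample
# file are hypothetical. Assumes "Keyword value" lines and no Match blocks.

# Print the effective value of a keyword: sshd uses the FIRST occurrence,
# keywords are case-insensitive, and lines starting with '#' are comments.
effective_value() {
    local file=$1 keyword=$2
    awk -v k="$keyword" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$file"
}

# Return code = number of mismatches; an unset keyword counts as a mismatch.
audit_sshd_config() {
    local file=$1 failures=0 keyword want got
    while read -r keyword want; do
        got=$(effective_value "$file" "$keyword")
        if [ "$got" = "$want" ]; then
            echo "OK    $keyword $got"
        else
            echo "FAIL  $keyword: want '$want', got '${got:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 3
AuthorizedKeysFile /dev/null
GSSAPIAuthentication no
GSSAPICleanupCredentials no
EOF
    return "$failures"
}

# Constructed sample: the old key path was left on the AuthorizedKeysFile line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 3
AuthorizedKeysFile /dev/null .ssh/authorized_keys
GSSAPIAuthentication no
GSSAPICleanupCredentials no
EOF
audit_sshd_config "$sample" || echo "mismatches: $?"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration after parsing, including defaults for keywords the file leaves unset.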
http://netkiller.github.com/
Lock users to prevent login
passwd -l bin
passwd -l daemon
passwd -l adm
passwd -l lp
passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l nobody
passwd -l vcsa
passwd -l saslauth
passwd -l postfix
Check which users can log in and which users have a password
#!/bin/bash
# Print a banner for each check
function section(){
    local title=$1
    echo "=================================================="
    echo " $title "
    echo "=================================================="
}

# Accounts whose login shell is not nologin
section "Check login user"
grep -v nologin /etc/passwd

# Accounts whose shadow entry holds a password hash (contains '$')
section "Check login password"
grep '\$' /etc/shadow

# Home directories that contain an authorized_keys file
section "Check SSH authorized_keys file"
for key in $(ls -1 /home)
do
    if [ -e "/home/$key/.ssh/authorized_keys" ]; then
        echo "$key : /home/$key/.ssh/authorized_keys"
    else
        echo "$key : "
    fi
done
55.2.1. pam_tally2.so
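This module locks an account after the password has been entered incorrectly 3 times at login and unlocks it automatically after 5 minutes. While the lock is in effect, login fails even if the correct password is entered.
In the configuration file /etc/p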
