{"id":75,"date":"2008-01-07T11:11:11","date_gmt":"2008-01-07T03:11:11","guid":{"rendered":"http:\/\/blog.urdada.net\/2008\/01\/07\/75\/"},"modified":"2008-01-27T10:32:47","modified_gmt":"2008-01-27T02:32:47","slug":"ssh-keyboard-interactive-authentication","status":"publish","type":"post","link":"https:\/\/dada.tw\/blog\/2008\/01\/07\/75\/","title":{"rendered":"SSH Keyboard-Interactive Authentication"},"content":{"rendered":"<p>\u6709\u4e9b SSH clients \uff08\u4f8b\u5982: <a href=http:\/\/www.vandyke.com\/products\/securecrt\/index.html target=_blank>SecureCRT<\/a>\uff09\u5141\u8a31\u4f7f\u7528\u8005\u300c\u5132\u5b58\u300d\u5bc6\u78bc\uff0c\u9019\u5c0d\u7cfb\u7d71\u5b89\u5168\u662f\u500b\u5927\u5fcc\uff0c\u4e00\u65e6 client \u906d\u53d7\u5165\u4fb5\uff0cserver \u4e5f\u6703\u66b4\u9732\u5728\u5371\u96aa\u4e4b\u4e2d\u3002<\/p>\n<p>\u5efa\u8b70\u76f4\u63a5\u5728\u4f3a\u670d\u5668\u7aef\u53d6\u6d88 SSH \u7684 password authentication \u529f\u80fd\uff0c\u6539\u7528 keyboard interactive \u7684\u65b9\u5f0f\u8a8d\u8b49\uff0c\u901a\u5e38\u9019\u6a23\u7684\u8a71\uff0cclient \u5c31\u7121\u6cd5\u5132\u5b58\u5bc6\u78bc\u4e86:<\/p>\n<p>1. OpenSSH &#8211; \/etc\/ssh\/sshd_config<\/p>\n<pre class=mono>\r\nPasswordAuthentication no\r\nChallengeResponseAuthentication yes\r\n<\/pre>\n<p>2. SSH2 (Tectia) &#8211; \/etc\/ssh2\/sshd2_config<\/p>\n<pre class=mono>\r\nAllowedAuthentications          publickey,keyboard-interactive\r\nAuthKbdInt.Optional             pam,password\r\nAuthKbdInt.Required             password\r\n<\/pre>\n<p>\u4fee\u6539\u597d\u4e0a\u8ff0 sshd \u7684\u8a2d\u5b9a\u6a94\u5f8c\uff0c\u9001\u500b HUP \u7d66 sshd \u5373\u53ef\uff08\u6ce8\u610f\u4e0d\u8981\u4e0d\u5c0f\u5fc3\u628a\u76ee\u524d\u7528\u7684 session \u4e5f\u780d\u4e86\uff0c\u4e0d\u7136\u6539\u932f\u7684\u8a71\u53ea\u597d\u5230 console \u524d\u9762\u53bb\u6551\u4e86\uff09<\/p>\n<pre class=mono>\r\n# ps ax | grep sbin\/sshd | grep Ss\r\n 9767 ?        Ss     0:00 \/usr\/sbin\/sshd\r\n# kill -HUP 9767\r\n<\/pre>\n<p>\u7136\u5f8c\u5c31\u53ef\u4ee5\u8acb\u5927\u5bb6\u6539\u7528 keyboard-interactive authentication \u4e86:<\/p>\n<p><a href=\"http:\/\/www.flickr.com\/photos\/urdada\/2174161870\/\" class=\"tt-flickr\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/farm3.static.flickr.com\/2181\/2174161870_58d7f2dbaa.jpg?resize=500%2C430\" alt=\"SSH keyboard-interactive authentication\" width=\"500\" height=\"430\" border=\"0\" \/><\/a> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6709\u4e9b SSH clients \uff08\u4f8b\u5982: SecureCRT\uff09\u5141\u8a31\u4f7f\u7528\u8005\u300c\u5132\u5b58\u300d\u5bc6\u78bc\uff0c\u9019\u5c0d\u7cfb\u7d71\u5b89\u5168\u662f\u500b\u5927\u5fcc\uff0c\u4e00\u65e6 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-75","post","type-post","status-publish","format-standard","hentry","category-security"],"views":7651,"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pubdi-1d","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":70,"url":"https:\/\/dada.tw\/blog\/2008\/01\/03\/70\/","url_meta":{"origin":75,"position":0},"title":"SSH2 vs OpenSSH","author":"dada","date":"2008-01-03","format":false,"excerpt":"\u5e38\u898b\u7684 SSH Implementation \u6709\u5169\u7a2e\uff0cssh.com \u7684 SSH \u4ee5\u53ca OpenSS\u2026","rel":"","context":"\u5728\u300c\u8cc7\u8a0a\u5b89\u5168\u300d\u4e2d","block_context":{"text":"\u8cc7\u8a0a\u5b89\u5168","link":"https:\/\/dada.tw\/blog\/category\/comp\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41,"url":"https:\/\/dada.tw\/blog\/2007\/07\/23\/41\/","url_meta":{"origin":75,"position":1},"title":"[\u7834\u89e3] \u6253\u958b La Fonera \u7684 SSH \u5c01\u5370","author":"dada","date":"2007-07-23","format":false,"excerpt":"\u53bb\u5e74\u5e95\u8cb7\u4e86\u5169\u53f0 La Fonera\uff0c\u5e78\u904b\u7684\u662f\u5169\u53f0\u90fd\u662f\u7528 165\u5143\u5c31\u8cb7\u5230\u4e86\uff0c\u4f46\u4e0d\u5e78\u7684\u662f\u7576\u4e86\u767d\u8001\u9f20\uff0c\u9019\u5169\u2026","rel":"","context":"\u5728\u300c\u786c\u9ad4\u300d\u4e2d","block_context":{"text":"\u786c\u9ad4","link":"https:\/\/dada.tw\/blog\/category\/comp\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36,"url":"https:\/\/dada.tw\/blog\/2005\/03\/25\/36\/","url_meta":{"origin":75,"position":2},"title":"\u4f7f\u7528 SSH \u914d\u5408\u6191\u8b49\u4f86\u9060\u7aef\u8907\u88fd\u6a94\u6848 (scp)","author":"dada","date":"2005-03-25","format":false,"excerpt":"\u4ee5\u4e0b\u6574\u7406 UNIX \u7cfb\u7d71\u4e0a\u9762\u4f7f\u7528 SSH \u914d\u5408\u6191\u8b49\u4f86\u9060\u7aef\u8907\u88fd\u6a94\u6848 \u5047\u8a2d\u6709\u4e00\u53f0\u4e3b\u6a5f\u53eb\u505a X\uff0c\u591a\u53f0\u8981\u88ab\u8907\u2026","rel":"","context":"\u5728\u300c\u8cc7\u8a0a\u5b89\u5168\u300d\u4e2d","block_context":{"text":"\u8cc7\u8a0a\u5b89\u5168","link":"https:\/\/dada.tw\/blog\/category\/comp\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":73,"url":"https:\/\/dada.tw\/blog\/2008\/01\/02\/73\/","url_meta":{"origin":75,"position":3},"title":"SSH Escape Character","author":"dada","date":"2008-01-02","format":false,"excerpt":"SSH client \u6709\u4e00\u500b Escape Character (\u8df3\u812b\u5b57\u5143)\uff0c\u4e8b\u5be6\u4e0a rsh\/rlo\u2026","rel":"","context":"\u5728\u300c\u8edf\u9ad4\u300d\u4e2d","block_context":{"text":"\u8edf\u9ad4","link":"https:\/\/dada.tw\/blog\/category\/comp\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":60,"url":"https:\/\/dada.tw\/blog\/2007\/11\/01\/60\/","url_meta":{"origin":75,"position":4},"title":"La Fonera 0.7.2 r2 \u5347\u7d1a+SSH\u7834\u89e3","author":"dada","date":"2007-11-01","format":false,"excerpt":"[update on Dec 5, 2007] Warning: kolofonium may no\u2026","rel":"","context":"\u5728\u300c\u786c\u9ad4\u300d\u4e2d","block_context":{"text":"\u786c\u9ad4","link":"https:\/\/dada.tw\/blog\/category\/comp\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":35,"url":"https:\/\/dada.tw\/blog\/2005\/03\/29\/35\/","url_meta":{"origin":75,"position":5},"title":"\u4f7f\u7528 SSH \u914d\u5408\u6191\u8b49\u4f86\u9060\u7aef\u5099\u4efd\u6a94\u6848 (rsync)","author":"dada","date":"2005-03-29","format":false,"excerpt":"\u524d\u9762\u5beb\u4e86\u4e00\u7bc7\u300c\u4f7f\u7528 SSH \u914d\u5408\u6191\u8b49\u4f86\u9060\u7aef\u8907\u88fd\u6a94\u6848\u300d \u7c21\u4ecb\u4f7f\u7528 scp \u914d\u5408 ssh \u4f86\u9060\u7aef\u8907\u88fd\u6a94\u6848\u2026","rel":"","context":"\u5728\u300c\u8cc7\u8a0a\u5b89\u5168\u300d\u4e2d","block_context":{"text":"\u8cc7\u8a0a\u5b89\u5168","link":"https:\/\/dada.tw\/blog\/category\/comp\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/posts\/75","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/comments?post=75"}],"version-history":[{"count":0,"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/posts\/75\/revisions"}],"wp:attachment":[{"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/media?parent=75"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/categories?post=75"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dada.tw\/blog\/wp-json\/wp\/v2\/tags?post=75"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}