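Ubuntu bash script: enable SSH google-authenticator in one step
This post was last edited by HughRyu on 2024-5-25 14:57
Group members were discussing 2FA, and I suddenly got the itch to revisit the process of installing ssh google-authenticator on Ubuntu.
To keep a record, I put together a script and am sharing it with everyone along the way.
You can choose manually whether to also enable password access; after it runs, the generated information is stored in ~/ga2fa.txt
See the script comments for details.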
ubuntu bash script: ssh over TOTP (2FA) by google-authenticator
####################################################################################
#!/bin/bash
# The operating instructions follow the official Ubuntu guidelines.
# Reference: https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview
# Install Google Authenticator PAM module
sudo apt install -y libpam-google-authenticator
# Generate Google Authenticator secrets and QR codes and store the output in ~/ga2fa.txt
# -t: Use time-based (TOTP) tokens
# -f: Write ~/.google_authenticator without asking for confirmation
# -d: Disallow reuse of a previously used TOTP token
# -w 3: Set the window size to 3 (number of concurrently valid codes)
# -e 10: Generate 10 emergency scratch codes
# -r 3 -R 30: Rate-limit logins to 3 attempts every 30 seconds
# tee ~/ga2fa.txt: Also save the output to the ~/ga2fa.txt file
# The output contains the secret key and scratch codes, so make the file owner-only first
touch ~/ga2fa.txt && chmod 600 ~/ga2fa.txt
google-authenticator -t -f -d -w 3 -e 10 -r 3 -R 30 | tee ~/ga2fa.txt
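# Load the Google Authenticator PAM module for SSH logins (step from the referenced
# Ubuntu tutorial; skipped if the line is already present)
grep -q 'pam_google_authenticator.so' /etc/pam.d/sshd || \
    echo 'auth required pam_google_authenticator.so' | sudo tee -a /etc/pam.d/sshd > /dev/null
# Enable challenge-response passwords for SSH
# (newer OpenSSH releases name this option KbdInteractiveAuthentication)
sudo sed -i -E 's/^#?(ChallengeResponseAuthentication|KbdInteractiveAuthentication) no$/\1 yes/' /etc/ssh/sshd_config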
# Prompt the user to enable or disable password authentication
echo -n "Do you want to enable password authentication for SSH? (y/n) "
read -t 10 -p "Default is 'y' (Enable_password): " enable_password
# Fall back to the default when nothing was entered or the prompt timed out
if [ -z "$enable_password" ]; then
    enable_password="y"
fi
# Enable or disable password authentication based on the user's response
if [ "$enable_password" == "y" ]; then
    sudo sed -i 's/^#PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    sudo sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    echo "Password authentication enabled."
elif [ "$enable_password" == "n" ]; then
    # Write an explicit "no"; a commented-out line would leave sshd's default (yes) in effect
    sudo sed -i -E 's/^#?PasswordAuthentication (yes|no)/PasswordAuthentication no/' /etc/ssh/sshd_config
    echo "Password authentication disabled."
else
    echo "Invalid input. Please enter 'y' to enable or 'n' to disable password authentication."
fi
# Validate the configuration, then restart the SSH service
sudo sshd -t && sudo systemctl restart sshd.service
####################################################################################
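An added check, not part of the original post: it audits the three things the script above touches (the keyboard-interactive setting in sshd_config, the pam_google_authenticator.so line in the PAM stack, and the permissions of the saved ga2fa.txt output). The function names audit_2fa, sshd_value and make_samples and all sample file contents are constructed for illustration; the audit reads only the files passed to it and does not follow Include directives, so on a live host compare with the effective settings printed by `sudo sshd -T`.

```bash
#!/bin/bash
# Added example (not from the original post): audit the files the script edits.

# Effective value of an sshd_config keyword: the first uncommented occurrence
# wins and keywords are case-insensitive. Include files are NOT followed here.
sshd_value() {   # $1 = keyword, $2 = config file
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# Prints one line per finding; the exit status is the number of findings.
audit_2fa() {    # $1 = sshd_config, $2 = pam.d/sshd, $3 = saved google-authenticator output
    local cfg="$1" pam="$2" out="$3" n=0 kbd
    kbd=$(sshd_value KbdInteractiveAuthentication "$cfg")
    # Older releases use the deprecated alias ChallengeResponseAuthentication.
    [ -n "$kbd" ] || kbd=$(sshd_value ChallengeResponseAuthentication "$cfg")
    [ "$kbd" = yes ] || { echo "FAIL: keyboard-interactive auth not set to yes"; n=$((n+1)); }
    [ "$(sshd_value UsePAM "$cfg")" = yes ] || { echo "FAIL: UsePAM not set to yes"; n=$((n+1)); }
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_google_authenticator\.so' "$pam" \
        || { echo "FAIL: pam_google_authenticator.so is not a required auth module"; n=$((n+1)); }
    # The saved output holds the TOTP secret and scratch codes: owner-only access.
    if [ -e "$out" ] && [ "$(ls -ld "$out" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $out is accessible by group or others"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample files (not taken from a real host).
make_samples() {  # $1 = directory to fill
    printf '%s\n' '#KbdInteractiveAuthentication yes' 'KbdInteractiveAuthentication no' \
        'UsePAM yes' > "$1/sshd_bad"
    printf '%s\n' 'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$1/sshd_good"
    printf '%s\n' '@include common-auth' > "$1/pam_bad"
    printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$1/pam_good"
    echo 'constructed-secret' > "$1/out_bad";  chmod 644 "$1/out_bad"
    echo 'constructed-secret' > "$1/out_good"; chmod 600 "$1/out_good"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_2fa "$tmp/sshd_bad"  "$tmp/pam_bad"  "$tmp/out_bad"  || echo "bad set: $? finding(s)"
audit_2fa "$tmp/sshd_good" "$tmp/pam_good" "$tmp/out_good" && echo "good set: no findings"
rm -rf "$tmp"
```

On a real system the arguments would be /etc/ssh/sshd_config, /etc/pam.d/sshd and ~/ga2fa.txt.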
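Mm, I like looking at this kind of code, I just don't know what this one does.
Anything that comes without an explanation must be very useful~ Those who understand it can study and bookmark it; those who don't, like me, can just join in the fun...
I also strongly agree with the poster above~ The fewer the words, the more impressive the thing~! Haha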