此内容没有您所选择的语言版本。
3.2.2.2. Multiple Authentication Methods
Using multiple authentication methods, or multi-factor authentication, increases the level of protection against unauthorized access, and as such should be considered when hardening a system to prevent it from being compromised. Users attempting to log in to a system that uses multi-factor authentication must successfully complete all specified authentication methods in order to be granted access.
Use the
AuthenticationMethods
configuration directive in the /etc/ssh/sshd_config
file to specify which authentication methods are to be utilized. Note that it is possible to define more than one list of required authentication methods using this directive. If that is the case, the user must complete every method in at least one of the lists. The lists need to be separated by blank spaces, and the individual authentication-method names within the lists must be comma-separated. For example:
AuthenticationMethods publickey,gssapi-with-mic publickey,keyboard-interactive
An
sshd
daemon configured using the above AuthenticationMethods
directive only grants access if the user attempting to log in successfully completes either publickey
authentication followed by gssapi-with-mic
or by keyboard-interactive
authentication. Note that each of the requested authentication methods needs to be explicitly enabled using a corresponding configuration directive (such as PubkeyAuthentication
) in the /etc/ssh/sshd_config
file. Refer to the AUTHENTICATION section of ssh(1)
for a general list of available authentication methods.