Securing your Linux server: Authentication with the command line

Protect your Linux server: Use the command line for authentication

In the Internet era, server security issues have become particularly important. As a server administrator, you must ensure that your Linux server is secure on the network. In addition to using firewalls and encryption protocols, an effective authentication mechanism is an important part of protecting your server from unauthorized access. In this article, we will discuss how to secure your Linux server using command line authentication.

In Linux systems, there are several common authentication mechanisms, such as password authentication, key authentication, and two-factor authentication. Below are some common command line tools and examples that can help you set up and manage these authentication mechanisms.

1. Password Authentication

Password authentication is the most common authentication method where users can verify their identity by entering their username and password. In Linux systems, the passwd command is used to set and change user passwords.

To set a password for a user, use the following command:

sudo passwd username

After entering the above command, you will be prompted for a new password twice. Make sure your password is complex enough and changed regularly.

2. Key Authentication

Key authentication is a more secure and convenient authentication method. It is an encryption/decryption mechanism based on public and private keys. First, you need to generate a key pair for the user. Use the following command to generate a key pair:

ssh-keygen -t rsa

The above command will generate an RSA key pair and save it in the .ssh directory under the user's home directory. The public key (id_rsa.pub) will be used for authentication and the private key (id_rsa) will be saved locally on your computer. You can copy the public key to the ~/.ssh/authorized_keys file on the remote server like this:

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Now, every time you try to connect to the remote server using ssh, the system will use the public key Authenticate.

3. Two-factor authentication

Two-factor authentication combines a password and other factors, such as fingerprint recognition or one-time passwords. For this authentication method, you can use Google Authenticator, an open source two-factor authentication system.

First, you need to install the Google Authenticator client. On Ubuntu, you can install it using the following command:

sudo apt-get install libpam-google-authenticator

You will then need to generate keys for each user you want to enable two-factor authentication. Use the following command:

google-authenticator

The above command will generate a key and a QR code. You can use an app like Google Authenticator to scan the QR code and associate the generated one-time password with the user.

Finally, you need to update the PAM (Pluggable Authentication Modules) configuration file to enable two-factor authentication. Open the /etc/pam.d/sshd file and add the following lines:

auth required pam_google_authenticator.so

After saving and closing the file, restart the SSH service.

This article only introduces some basic command line tools and examples for protecting your Linux server. There are other, more advanced authentication methods and tools available, such as using LDAP or RADIUS for authentication. Whichever method you choose, make sure you update your passwords/keys regularly and only grant access to trusted users.

By leveraging command line tools and authentication mechanisms, you can provide additional security for your Linux server, ensuring that only authorized users can access and manage the server. Remember, protecting your servers is an ongoing task that requires regularly reviewing and updating your security policies.

Protect your server, protect your data, protect your users!

The above is the detailed content of Securing your Linux server: Authentication with the command line. For more information, please follow other related articles on the PHP Chinese website!