分类目录归档:未分类

SSHD的二次验证

仅Ubuntu 20.04的版本,测试通过。https://zhuanlan.zhihu.com/p/440818672?utm_id=0

第一步:配置PublicKey方式,并验证通过。

第二步:按照上述URL配置,在启用以下指令时,确保时间已经同步。

ntpdate pool.ntp.org   #确保时间同步
sudo apt install -y libpam-google-authenticator
google-authenticator -t -f -d -w 3 -e 10 -r 3 -R 30
# 启用两步验证
$ sudo vim /etc/pam.d/sshd
# @include common-auth  # 将禁用密码身份验证
auth required pam_google_authenticator.so  # 禁用密码验证

# 修改SSH配置文件
$ sudo vim /etc/ssh/sshd_config
Port 1090
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive

# 重启SSH服务
$ sudo systemctl restart ssh.service

键盘交互 http://www.kxtry.com/archives/3980

SSH服务端检查服务支持的验证方式如下:
执行命令:sudo sshd -T

port 22
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam yes
logingracetime 120
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin without-password
ignorerhosts yes
ignoreuserknownhosts no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
gssapikeyexchange no
gssapistrictacceptorcheck yes
gssapistorecredentialsonrekey no
gssapikexalgorithms gss-gex-sha1-,gss-group14-sha1-
passwordauthentication yes
kbdinteractiveauthentication no
challengeresponseauthentication no
printmotd no
printlastlog yes
x11forwarding yes
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
compression yes
gatewayports no
usedns no
allowtcpforwarding yes
allowagentforwarding yes
disableforwarding no
allowstreamlocalforwarding yes
streamlocalbindunlink no
fingerprinthash SHA256
exposeauthinfo no
pidfile /run/sshd.pid
xauthlocation /usr/bin/xauth
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
banner none
forcecommand none
chrootdirectory none
trustedusercakeys none
revokedkeys none
securitykeyprovider internal
authorizedprincipalsfile none
versionaddendum none
authorizedkeyscommand none
authorizedkeyscommanduser none
authorizedprincipalscommand none
authorizedprincipalscommanduser none
hostkeyagent none
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
rdomain none
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
acceptenv LANG
acceptenv LC_*
authenticationmethods any
subsystem sftp /usr/lib/openssh/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen any
permitlisten any
permituserenvironment no
pubkeyauthoptions none

linux man命令数据库

man 命令
作用: Linux 为所有命令和系统调用编写了帮助手册。使用man 命令可以方便地获取某个命令的帮助信息。
用法: man [手册编号] 命令名
man 命令在显示手册页时实际调用less 完成显示,J K可以上下翻动,空格用于向下翻页。

手册总共分为9 节,各部分内容如下:
目 录 内 容
/usr/share/man/man1 普通命令和应用程序
/usr/share/man/man2 系统调用
/usr/share/man/man3 库调用,主要是libc()函数的使用文档
/usr/share/man/man4 设备驱动和网络协议
/usr/share/man/man5 文件的详细格式信息
/usr/share/man/man6 游戏
/usr/share/man/man7 文档使用说明
/usr/share/man/man8 系统管理命令
/usr/share/man/man9 内核源代码或模块的技术指标

https://github.com/mkerrisk/man-pages/tree/master

https://man7.org/linux/man-pages/man1/
https://man7.org/linux/man-pages/man2/
https://man7.org/linux/man-pages/man3/
https://man7.org/linux/man-pages/man4/
https://man7.org/linux/man-pages/man5/
https://man7.org/linux/man-pages/man7/
https://man7.org/linux/man-pages/man8/

GPL协议

GPL主张的是“让产品的使用者真正拥有对产品的控制权”,而不是主张“共产主义,代码属于所有人”。GPL并不要求免费,也不要求别人代码开源,他只是要求你保证:你把产品传递给用户了,用户应该真正拥有这个产品,也就是说,他必须有能力修改它,所以你必须提供源代码给这个用户,这还不仅仅要求代码,你还应该保证这个代码的GPL部分可以被修改后重建,所以,你还需要提供Makefile,可获取的编译器等辅助设施,否则都可以视为侵权的。

PhotoShop照片处理

1、拖入蓝底照片到ps
2、复制图层(ctrl+J)
3、选择—主体 蚂蚁线框选出人物
4、选择—选择并遮住
5、右边参数框勾选净化颜色
6、左边人物框用第二个画笔(调整边缘画笔)涂抹人物边缘,画笔大小要合适,速度适中,不可反复涂抹,一次带过即可
7、涂抹结束后点击确定,你会发现你抠出来的人物带了一个蒙版
8、在这个带蒙版的人物下方,新建一个白色图层
9、大功告成,导出照片你就会得到一个白色底的证件照