disable password authentication per user

Brett Hamilton open at simple.be
Tue Oct 19 04:11:01 EST 2004


I would like disable password authentication in sshd for particular users,
without locking their UNIX password, and without requiring all users to
use PubkeyAuthentication. I cannot find a documented way to accomplish
this in OpenSSH. Is it currently possible?

If not, I think this would be a very useful feature to add.  I believe
that each user should have some control of which authentication methods
are allowed to login to their account, within the limits set by the
server's sshd_config.  For users with special privileges, this feature
(like PermitRootLogin) could increase security without restricting the
options for normal users.

I'm not sure what the best way to implement this, but perhaps the user's
authorized_keys file could contain a line that meant: "If no keys match,
then apply these settings. One of those settings could be:
disable-password-authentication.

Thanks,
--Brett





More information about the openssh-unix-dev mailing list