disable password authentication per user

Darren Tucker dtucker at zip.com.au
Tue Oct 19 09:58:02 EST 2004

Brett Hamilton wrote:
> I would like disable password authentication in sshd for particular users,
> without locking their UNIX password, and without requiring all users to
> use PubkeyAuthentication. I cannot find a documented way to accomplish
> this in OpenSSH. Is it currently possible?

Not within OpenSSH itself.

I you're using PAM, however, you could arrange for PAM to do it by 
having the sshd auth stack reject those users (sshd's public-key 
authentication will still work).

For example, if you're using a LinuxPAM, putting this into the first 
line of /etc/pam.d/sshd ought to do it (all one line, untested):

auth       required     pam_listfile.so onerr=succeed item=user 
sense=deny file=/etc/nopasswdusers

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list