disable password authentication per user
Darren Tucker
dtucker at zip.com.au
Tue Oct 19 09:58:02 EST 2004
Brett Hamilton wrote:
> I would like to disable password authentication in sshd for particular users,
> without locking their UNIX password, and without requiring all users to
> use PubkeyAuthentication. I cannot find a documented way to accomplish
> this in OpenSSH. Is it currently possible?

Not within OpenSSH itself.

If you're using PAM, however, you could arrange for PAM to do it by
having the sshd auth stack reject those users (sshd's public-key
authentication will still work).

For example, if you're using LinuxPAM, putting this into the first
line of /etc/pam.d/sshd ought to do it (all one line, untested):

auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/nopasswdusers

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
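
Added example, not part of the original message or of OpenSSH/Linux-PAM: a shell check that the rule suggested above is really the first auth entry and that its list file will be honoured, since onerr=succeed lets everyone through when the list cannot be opened. The function names are hypothetical; the default paths are the ones from the message.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# default paths are the ones used in the message above.

# Return 0 if the pam_listfile deny rule is the first auth entry of the sshd
# PAM stack and its list file will actually be honoured.
check_nopasswd_rule() {
    pam_file=${1:-/etc/pam.d/sshd}
    list_file=${2:-/etc/nopasswdusers}
    rc=0

    # First auth or @include line (an earlier include could accept the
    # password before the rule runs), whitespace squeezed to single spaces.
    first_auth=$(grep -E '^[[:space:]]*(auth[[:space:]]|@include)' "$pam_file" |
        head -n 1 | tr -s '[:space:]' ' ')
    for tok in pam_listfile.so item=user sense=deny "file=$list_file"; do
        case " $first_auth " in
            *" $tok "*) ;;
            *) echo "FAIL: first auth line lacks '$tok'"; rc=1 ;;
        esac
    done
    # An "optional" or "sufficient" control would not block the login.
    case " $first_auth " in
        *" auth required "* | *" auth requisite "*) ;;
        *) echo "FAIL: control must be required or requisite"; rc=1 ;;
    esac

    # onerr=succeed fails open: if the list cannot be opened, every user
    # passes this rule and password logins keep working.
    if [ ! -f "$list_file" ] || [ -L "$list_file" ]; then
        echo "FAIL: $list_file missing or not a regular file"; rc=1
    elif [ -n "$(find "$list_file" -prune -perm -0002)" ]; then
        echo "FAIL: $list_file is world-writable"; rc=1
    fi
    return "$rc"
}

# Return 0 if the user named in $1 is listed (one name per line, exact match).
user_is_denied() {
    grep -qxF -- "$1" "${2:-/etc/nopasswdusers}"
}
```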