User-specific sshd_config?

Damien Miller djm at mindrot.org
Sat Apr 5 18:05:06 EST 2008


On Fri, 4 Apr 2008, Ingemar Nilsson wrote:

> Hi.
> 
> I wonder if it would be possible to implement support for a 
> user-specific sshd_config. The primary reason is that I would like the 
> ability to specify that I'm only allowed to login with a key pair, even 
> though the system-wide sshd configuration still allows passwords for 
> other users.

You can do this with the "Match" keyword in sshd_config now. You need
root access to configure it though.

Match user djm
	PasswordAuthentication no
	KbdInteractiveAuthentication no
	GSSAPIAuthentication no
	KerberosAuthentication no
	HostbasedAuthentication no
	PubkeyAuthentication yes

> Of course, a user-specific sshd_config file should not be able to break 
> the security policy of the system-wide configuration, only restrict it 
> even further.
> 
> Would this be possible?

Anything's possible :)

-d


More information about the openssh-unix-dev mailing list