Re: sshd config question



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt Heberlein wrote:
Can't seem to find this answer anywhere. This question is from a server
perspective. Is there a way to configure sshd, so that for some set of
users it allows password authentication and for others only public-key
authentication?

I've achieved something similar on my system by setting the password for
user accounts that I don't want to use password authentication to "!!" eg:

public-key-only-user:!!:13109:0:99999:7:::

However, ordinary password users can still set up public key authentication.

I use this to restrict access to admin accounts to public-key
authentication only for security, and I'm not too fussed if ordinary
users want to use public key authentication in addition to passwords.

Hope this is useful.

Take care,

Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBQ+j5OOgNmph0Y1E2AQLI7RAAntSwtwwF9fYOKsUIljOREtYZL8L3mFRn
VljtU07+Jv6hJ5/qAD3CKclDSABHdafnjzC3mQVA9bPi5o1PAiY/wBPJg+W0009Q
2v81Ph2CVWgP3pb2+ZttEsyZPz1y9W+sceWHFVnw/32VTGV1j79VlPnJfufmp3y4
PTfM2rZlDfZ7ogbDIYm9qdVvUYvxtmlRjP72sV6lCSxBaxfLfqQtHRPM02X6QHIl
6IlfkMrOP5F9F6bqsjfOoximPMrZg8/yjnNBuHqrRvnXe7VQ0aZmvyo01CS//bn9
WGOiLtnZ0kjHrkU4EjykJckrVMSQ/cBr0Osx1r8reKKuF0+0MnLag8H8FFFfSulc
SDhZsl5q6zGzoIztoW4EQEwRMzZO6KhwKQFNvsrNRABJ/i1QgZa2GyAwg9NxGnK6
S8birSGP1mWhVGAyArtoL6/7RlzBLB5o9y44MgmMEFwYyIAOLCsqdGorehE67yjp
c/mjz6Pe1CYQaatIQh4tmdyKUOpUHZGZmqdybeC/9+W2KUeKW06Noq347pPlXpjY
Zk3yraJ74WR1DUwq2F4Z1C5w/05MAWMZz+IlZRJRAvpaFZE6tggnuuPumeL6AhwG
EXc7gvPPTLmheix2r/FJ4L7ADVcUwXUkU9t6lP2HHQ14+TDzkRB5/yzJHSZ2DfKz
5l1rVyHl4bw=
=lyPF
-----END PGP SIGNATURE-----