Re: Match directive question

From: Darren Tucker <dtucker@xxxxxxxxxxxxxxxx>
Date: Mon, 21 May 2007 07:44:22 +1000

On 2007-05-11, ~David~ <shadoweyez@xxxxxxxxx> wrote:

Hi all;

In openssh 4.6, with the new Match directive, I need an example.
I have two users, one that I want to only let in with a key (call her
rsakey), and one I only want to let in with a password (call him pass)
Would it be something like:
Match User rsakey
RSAAuthentication yes
PasswordAuthentication no
Match User pass
RSAAuthentication no
PasswordAuthentication yes

Would this work?

Yes.

Is there a site or page that explains this?

sshd_config(5). There's also an example in the sshd_config that ships
with 4.6.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
.

References:
- Match directive question
  - From: ~David~

Prev by Date: Re: ssh X tunneling through more than one server
Next by Date: Re: restricted password access
Previous by thread: Match directive question
Next by thread: Win Putty no connection with beep. No error message. HowTo fix registry
Index(es):
- Date
- Thread

Relevant Pages

Match directive question
... In openssh 4.6, with the new Match directive, I need an example. ... Match User rsakey ... RSAAuthentication yes ... PasswordAuthentication yes ...
(comp.security.ssh)
Re: UsePAM and PasswordAuthentication under 4.1p1
... > seemed to indicate a problem with the ssh/PAM interface. ... OpenSSH versions 3.7x and 3.8x did not use PAM for PasswordAuthentication, ... As long as your PAM modules are simple enough to work with ... Good judgement comes with experience. ...
(comp.security.ssh)
Re: OpenSSH 3.8p1 on Solaris with PAM/krb5
... > What do I need to do to get sshd to try to use PAM ... Set "PasswordAuthentication no" in sshd_config. ... Darren Tucker ... Good judgement comes with experience. ...
(SSH)
Re: Userbased ssh auth. methods
... If it's a recent OpenSSH (4.6 and ... Match User john ... PasswordAuthentication yes ... Good judgement comes with experience. ...
(comp.security.ssh)
Re: per user authentication types?
... You can do some limited things (eg setting a given user's passwd field in /etc/shadow to "*", which will prevent password authentication while still allowing non-password authentications) but there's no general method. ... There's been some workrecently to extend sshd_config to allow it to apply some config directives based on certain attributes of the connection. ... PasswordAuthentication yes ... Good judgement comes with experience. ...
(SSH)