Re: SSH pubkey or password based on user group



"AN" == Anastassios Nanos <ananos@xxxxxxxxxxx> writes:

AN> Nikos Nikoleris wrote:
>> Hi,
>>
>> What I was trying to do is not to allow users that are in root
>> group to login using ssh in our server without having their public
>> key while every other user can choose whether they will login using
>> their password or their public key. I was searching through pam
>> modules without success if there was a way of doing this through
>> pam but I couldn't find any module that will have my job done. Does
>> anyone have any clue if there is a way of doing this

AN> hello.

AN> I'm posting in case there is someone else who wants to do that.

AN> finally, we did it ... ;-)

AN> /etc/pam.d/ssh:
AN>   auth required pam_listfile.so item=group sense=deny file=/etc/ssh/sshd.deny onerr=succeed

AN> /etc/ssh/sshd.deny:
AN>   pubkeyssh

AN> so any member of pubkeyssh group is allowed to login only with a
AN> pubkey.

AN> I'm sure there is an easier way to do it but it's more about pam
AN> than ssh.

AN> cheers,

AN> -- Anastassios Nanos <ananos@xxxxxxxxxxx>

AN> 1024D/CCCE759D 2007/04/29 Anastassios Nanos <ananos@xxxxxxxxxxx>
AN> Key fingerprint = 60EC 7B9E CD11 9AB2 C3CE B694 08D6 F033 CCCE
AN> 759D

[sshd_config]

match group root
passwordauthentication no

--
Richard Silverman
res@xxxxxxxx
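
An added example, not code from either poster or from OpenSSH: a small Python evaluator that reads an sshd_config and reports which password-carrying authentication keywords stay enabled for a user with given group memberships, following the documented Match rules (a Match block overrides the global section, and the first value obtained for a keyword wins). The function names and the sample config are constructed for illustration; only `Match Group` and `Match all` are modelled, and the defaults are upstream OpenSSH's, which a distribution's packaged config may change.

```python
import fnmatch

# Upstream OpenSSH defaults for the two keywords that can carry a password.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def group_match(pattern_list, groups):
    """Comma-separated patterns with * and ?; a matching !pattern vetoes."""
    hit = False
    for pat in pattern_list.split(","):
        if any(fnmatch.fnmatchcase(g, pat.lstrip("!")) for g in groups):
            if pat.startswith("!"):
                return False
            hit = True
    return hit

def effective(config_text, groups):
    """Settings sshd would apply to a user who belongs to `groups`."""
    glob, matched = {}, {}
    target, active = glob, True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        key, arg = key.lower(), (rest[0].strip() if rest else "")
        if key == "match":
            # A block runs to the next Match line; other criteria count as no match.
            crit, target = arg.split(), matched
            active = arg.lower() == "all" or (len(crit) == 2
                and crit[0].lower() == "group" and group_match(crit[1], groups))
            continue
        key = ALIASES.get(key, key)
        if active and key in DEFAULTS:
            target.setdefault(key, arg.lower())  # first value obtained wins
    return {**DEFAULTS, **glob, **matched}  # Match values override global ones

def password_paths(config_text, groups):
    """Keywords still 'yes'; keyboard-interactive can relay a PAM password prompt."""
    eff = effective(config_text, groups)
    return [k for k in DEFAULTS if eff[k] == "yes"]

# Constructed sample built around the Match block from the reply above.
SAMPLE = """\
PasswordAuthentication yes
KbdInteractiveAuthentication no
Match Group root
    PasswordAuthentication no
"""
```

Run against only the two-line Match block from the reply, `password_paths` still reports `kbdinteractiveauthentication` for members of `root`, because that keyword defaults to yes unless the config turns it off.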
