-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kurt Heberlein wrote: > Can't seem to find this answer anywhere. This question is from a server > perspective. Is there a way to configure sshd, so that for some set of > users it allows password authentication and for others only public-key > authentication?
I've achieved something similar on my system by setting the password for user accounts that I don't want to use password authentication to "!!" eg: public-key-only-user:!!:13109:0:99999:7::: However, ordinary password users can still set up public key authentication. I use this to restrict access to admin accounts to public-key authentication only for security, and I'm not too fussed if ordinary users want to use public key authentication in addition to passwords. Hope this is useful. Take care, Ben -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBQ+j5OOgNmph0Y1E2AQLI7RAAntSwtwwF9fYOKsUIljOREtYZL8L3mFRn VljtU07+Jv6hJ5/qAD3CKclDSABHdafnjzC3mQVA9bPi5o1PAiY/wBPJg+W0009Q 2v81Ph2CVWgP3pb2+ZttEsyZPz1y9W+sceWHFVnw/32VTGV1j79VlPnJfufmp3y4 PTfM2rZlDfZ7ogbDIYm9qdVvUYvxtmlRjP72sV6lCSxBaxfLfqQtHRPM02X6QHIl 6IlfkMrOP5F9F6bqsjfOoximPMrZg8/yjnNBuHqrRvnXe7VQ0aZmvyo01CS//bn9 WGOiLtnZ0kjHrkU4EjykJckrVMSQ/cBr0Osx1r8reKKuF0+0MnLag8H8FFFfSulc SDhZsl5q6zGzoIztoW4EQEwRMzZO6KhwKQFNvsrNRABJ/i1QgZa2GyAwg9NxGnK6 S8birSGP1mWhVGAyArtoL6/7RlzBLB5o9y44MgmMEFwYyIAOLCsqdGorehE67yjp c/mjz6Pe1CYQaatIQh4tmdyKUOpUHZGZmqdybeC/9+W2KUeKW06Noq347pPlXpjY Zk3yraJ74WR1DUwq2F4Z1C5w/05MAWMZz+IlZRJRAvpaFZE6tggnuuPumeL6AhwG EXc7gvPPTLmheix2r/FJ4L7ADVcUwXUkU9t6lP2HHQ14+TDzkRB5/yzJHSZ2DfKz 5l1rVyHl4bw= =lyPF -----END PGP SIGNATURE-----
