[EMAIL PROTECTED] wrote:
> Can I restrict authentication types for specific users?
> [using openssh-server 4.2p1-8 on Debian SID, x86]

Right now, no, not really.

You can do some limited things (e.g. setting a given user's passwd field in /etc/shadow to "*", which will prevent password authentication while still allowing non-password authentications) but there's no general method.

There's been some work[1] recently to extend sshd_config to allow it to apply some config directives based on certain attributes of the connection. If you're prepared to try the patch, it allows for directives in sshd_config such as:

PasswordAuthentication no
Match User user1,user2
        PasswordAuthentication yes
Match Group pwallowed
        PasswordAuthentication yes

and similar.

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=1180

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
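
An added example (not part of the original message or of the patch it links to): a simplified Python evaluator for the sshd_config snippet above, showing which accounts end up with PasswordAuthentication enabled. It assumes that a matching Match block overrides the global section and that the first matching block setting a keyword wins; the function names and the accounts carol and root are made up for illustration.

```python
# Added example: simplified evaluator for User/Group Match blocks.
# Assumed semantics: a matching block overrides the global section, and
# the first matching block that sets a keyword wins.
from fnmatch import fnmatchcase

# The snippet quoted in the message above.
SAMPLE_CONFIG = """\
PasswordAuthentication no
Match User user1,user2
        PasswordAuthentication yes
Match Group pwallowed
        PasswordAuthentication yes
"""

def parse(text):
    """Return (global_settings, [(criteria, settings), ...])."""
    global_cfg, blocks = {}, []
    target = global_cfg
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            # "Match User a,b Group g" -> [("user", ["a","b"]), ("group", ["g"])]
            criteria = [(k.lower(), v.split(","))
                        for k, v in zip(words[1::2], words[2::2])]
            target = {}
            blocks.append((criteria, target))
        else:
            # Keywords are case-insensitive; keep the first value seen.
            target.setdefault(words[0].lower(), " ".join(words[1:]))
    return global_cfg, blocks

def matches(criterion, patterns, user, groups):
    """Wildcards approximated with fnmatch; negation (!) is not handled."""
    if criterion == "user":
        names = [user]
    elif criterion == "group":
        names = groups
    else:
        # Refuse to guess rather than under-report who gets password access.
        raise ValueError("criterion not modelled: " + criterion)
    return any(fnmatchcase(n, p) for n in names for p in patterns)

def effective(text, user, groups, keyword):
    """Effective value of keyword for a connection by user with these groups."""
    global_cfg, blocks = parse(text)
    key = keyword.lower()
    for criteria, settings in blocks:
        if key in settings and all(matches(c, p, user, groups) for c, p in criteria):
            return settings[key]
    return global_cfg.get(key)
```

Running effective() over every account on a host gives the list of users who can still log in with a password, which is the set to review after changing the global default to "no".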
