Results 1 to 6 of 6

Thread: ssh: Disable PasswordAuthentication per user

  1. #1
    Join Date
    Jun 2006
    Beans
    2,930

    ssh: Disable PasswordAuthentication per user

    I have a server that will be used for forwarding ports.
    The users will have no reason to use the shell.
    I set up key pairs for the users, but I would like to the server to not prompt for a password if it refuses the key.
    I can set PasswordAuthentication to no in the sshd config file, but I would still need to be able to login with a password.

    Is there a way to configure this per user?
    Support 7z in default installs!!!: Click Here

    How to use code blocks to post command output: Click Here
    Official Ubuntu Documentation

  2. #2
    Join Date
    Jun 2006
    Beans
    2,930

    Re: ssh: Disable PasswordAuthentication per user

    I removed the users' passwords which prevents logging in with a password. So I guess I can consider this solved.
    Support 7z in default installs!!!: Click Here

    How to use code blocks to post command output: Click Here
    Official Ubuntu Documentation

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: ssh: Disable PasswordAuthentication per user

    Aye, just lock the user account

    Code:
    sudo passwd '!' user
    The user can still log w/ other means, such as ssh /w a key.

    You would prevent shell access by using "forced commands" , basically you set what commands can be run w/ the key.

    In addition if you wish to prevent shell access set the shell to /bin/false .

    http://oreilly.com/catalog/sshtdg/chapter/ch08.html
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Jun 2006
    Beans
    2,930

    Re: ssh: Disable PasswordAuthentication per user

    Quote Originally Posted by bodhi.zazen View Post
    Aye, just lock the user account

    Code:
    sudo passwd '!' user
    The user can still log w/ other means, such as ssh /w a key.

    You would prevent shell access by using "forced commands" , basically you set what commands can be run w/ the key.

    In addition if you wish to prevent shell access set the shell to /bin/false .

    http://oreilly.com/catalog/sshtdg/chapter/ch08.html
    Good info, thank you for taking the time to answer.
    Support 7z in default installs!!!: Click Here

    How to use code blocks to post command output: Click Here
    Official Ubuntu Documentation

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: ssh: Disable PasswordAuthentication per user

    Quote Originally Posted by lavinog View Post
    Good info, thank you for taking the time to answer.
    No problem, I like to play with SSH , there are a ton of advanced geeky things you can do with it.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #6
    Join Date
    Oct 2010
    Beans
    9

    Re: ssh: Disable PasswordAuthentication per user

    I had a slightly different problem and found this thread now when googeling for the solution.

    I want to disable password login through SSH, because I'd like to have a simple password and to login through SSH with a public key. But I can't set PasswortAuthentication to no, becauser there are other Users who want to use their passwords also to login through SSH nor can I lock my password (passwd -l) because I want to use it to login locally and for sudo.

    The solution is quite simple:
    Match User myusername
    PasswordAuthentication no


    Put these lines to the end (!) of the file /etc/ssh/sshd_config
    and reload the SSH config: sudo /etc/init.d/ssh reload

    Manual:
    http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •