On Linux (Debian Squeeze) I would like to disable SSH login using password to some users (selected group or all users except root). But I do not want to disable login using certificate for them.
edit: thanks a lot for detailed answer! For some reason this does not work on my server:
Match User !root
PasswordAuthentication no
...but can be easily replaced by
PasswordAuthentication no
Match User root
PasswordAuthentication yes
Answer
Try Match in sshd_config:
Match User user1,user2,user3,user4
PasswordAuthentication no
Or by group:
Match Group users
PasswordAuthentication no
Or, as mentioned in the comment, by negation:
Match User !root
PasswordAuthentication no
Note that match is effective "until either another Match line or the end of the file." (the indentation isn't significant)
Comments
Post a Comment