[Gllug] Selective SSH logins

David Coles david at disintegration.org
Tue Aug 26 16:28:21 UTC 2008

On Tue, 26 Aug 2008, tid wrote:

> Gary, you can do this by running two different sshd servers listening
> on different ports. I've done
> this in the past to cope with a pointless management edict. You
> obviously need to configure
> differnet log files etc.

Wow, that's making things more complex than they need to be, surely?

Try in the main body:

   PubKeyAuthentication yes
   PasswordAuthentication no

then use a Match line:

   Match User david
     PasswordAuthentication yes

to restrict PasswordAuthentication to a single user - you can add Host or 
Address criteria-pattern pairs to the Match line to restrict to certain 
machines too if you want.

I've not got a convenient setup atm to try it, so that's just going by 
sshd_config(5), so apologies if I've stuffed anything up there, but aside 
from that this should do what you want - just remember anything after the 
Match line will be part of that conditional without another Match until 


Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list