[Gllug] Selective SSH logins
David Coles
david at disintegration.org
Tue Aug 26 16:28:21 UTC 2008
On Tue, 26 Aug 2008, tid wrote:
> Gary, you can do this by running two different sshd servers listening
> on different ports. I've done
> this in the past to cope with a pointless management edict. You
> obviously need to configure
> differnet log files etc.
Wow, that's making things more complex than they need to be, surely?
Try in the main body:
PubKeyAuthentication yes
PasswordAuthentication no
then use a Match line:
Match User david
PasswordAuthentication yes
to restrict PasswordAuthentication to a single user - you can add Host or
Address criteria-pattern pairs to the Match line to restrict to certain
machines too if you want.
I've not got a convenient setup atm to try it, so that's just going by
sshd_config(5), so apologies if I've stuffed anything up there, but aside
from that this should do what you want - just remember anything after the
Match line will be part of that conditional without another Match until
EOF.
Cheers,
--
David
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list