On Fri, 4 Apr 2008, Ingemar Nilsson wrote:

> Hi.
>
> I wonder if it would be possible to implement support for a
> user-specific sshd_config. The primary reason is that I would like the
> ability to specify that I'm only allowed to login with a key pair, even
> though the system-wide sshd configuration still allows passwords for
> other users.


You can do this with the "Match" keyword in sshd_config now. You need
root access to configure it though.

Match user djm
PasswordAuthentication no
KbdInteractiveAuthentication no
GSSAPIAuthentication no
KerberosAuthentication no
HostbasedAuthentication no
PubkeyAuthentication yes

> Of course, a user-specific sshd_config file should not be able to break
> the security policy of the system-wide configuration, only restrict it
> even further.
>
> Would this be possible?


Anything's possible

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev