On Fri, 4 Apr 2008, Ingemar Nilsson wrote:

> Hi.
> I wonder if it would be possible to implement support for a
> user-specific sshd_config. The primary reason is that I would like the
> ability to specify that I'm only allowed to login with a key pair, even
> though the system-wide sshd configuration still allows passwords for
> other users.

You can do this with the "Match" keyword in sshd_config now. You need
root access to configure it though.

Match user djm
PasswordAuthentication no
KbdInteractiveAuthentication no
GSSAPIAuthentication no
KerberosAuthentication no
HostbasedAuthentication no
PubkeyAuthentication yes

> Of course, a user-specific sshd_config file should not be able to break
> the security policy of the system-wide configuration, only restrict it
> even further.
> Would this be possible?

Anything's possible

openssh-unix-dev mailing list