pubkey authentication in openssh
Does anyone know a way to force pubkey authentication for only certain users but allow password for others?

Eric
Eric> Does anyone know a way to force pubkey authentication for only certain
Eric> users but allow password for others?

Can you explain what you're trying to do here? I've done some public key stuff, but mostly for scripts which don't want passwords, and which are restricted to only a subset of commands.

If you want to limit the publickey users to only run certain commands that you control, just set up their ~/.ssh2/authorized_keys file properly with the public key and the locked down command of your choice. The SSH book has some decent examples.

John
Yes... have only the users you want to use pubkeys generate keys and share the public one by putting it in that user's ~/.ssh(2) on each server. ssh-keygen is the command to make the keys.

--- Eric Stein <eastein@WPI.EDU> wrote:
> Does anyone know a way to force pubkey authentication for only certain users but allow password for others?
> Eric
I already know how to do what you guys suggested - example of what I'm looking for:

automated account: public key login only (no password authentication allowed - yeah, I know I can just set the password to something really big and hope nobody guesses, but the point of pub/priv key auth is higher security)
my personal account: both public key and password auth (for at my computer or not)
daemon accounts: shell is /sbin/nologin

Eric
On Fri, Feb 17, 2006 at 05:15:55PM -0500, Eric Stein wrote:
> automated account: public key login only (no password authentication allowed - yeah, I know I can just set the password to something really big and hope nobody guesses, but the point of pub/priv key auth is higher security)
You can put a "*" in the password field of the user and then it's a locked account, but pubkey will still work. There's no per-user config to specify what authentication methods are allowed. It's a global setting.
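The three account types Eric lists, together with the "*" password-field approach from the last reply, can be audited with a short script. This is an added example, not part of the original thread: the account names, hashes and category labels are constructed, and the leading "!" case follows the locked-account convention documented in sshd(8) for most Linuxes.

```python
# Added example: constructed sample data, hypothetical category labels.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
backup:x:1001:1001:automated account:/home/backup:/bin/sh
eric:x:1000:1000:personal account:/home/eric:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
old:x:1002:1002:disabled user:/home/old:/bin/bash
"""

SAMPLE_SHADOW = """\
backup:*:13197:0:99999:7:::
eric:$1$constructed$notarealhashvalue000000:13197:0:99999:7:::
daemon:*:13197:0:99999:7:::
old:!$1$constructed$notarealhashvalue000000:13197:0:99999:7:::
"""

def classify(passwd_text, shadow_text):
    """Map each user to an SSH login category from passwd(5)/shadow(5) text."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        user, shell = fields[0], fields[6]
        pw = hashes.get(user, fields[1])
        if shell in NOLOGIN_SHELLS:
            result[user] = "no-login"
        elif pw.startswith("!"):
            # Leading "!" is the locked-account marker on most Linuxes per
            # sshd(8); sshd may refuse such accounts for every method.
            result[user] = "locked"
        elif pw == "":
            result[user] = "empty-password"
        elif pw.startswith("$") or len(pw) == 13:
            # A real hash; password login also needs PasswordAuthentication yes.
            result[user] = "password-or-pubkey"
        else:
            # "*" can never equal a hash output, so only keys can work.
            result[user] = "pubkey-only"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

Run against real files, it needs read access to /etc/shadow, so it must run as root.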
participants (4)
- Eric Stein
- John Stoffel
- Mike Leo
- Theo Van Dinter