SSHd restriction per user basis
I think what you want is "Match User". You use it to match a username, then indent a series of config settings that apply specifically to that user.
Match User Joe
PasswordAuthentication no
Match User Jane
PasswordAuthentication yes
I use this to set up chroot SFTP-only access sometimes for clients.
Set up ssh as follows:
nano /etc/ssh/sshd_config
AllowUsers username1 username2 username3
Restart SSH
Then provide the keys to those who you would like to avoid using passwords.
ssh-keygen is used to generate that key pair for you. Here is a session where your own personal private/public key pair is created:
#ssh-keygen -t rsa
The command ssh-keygen -t rsa initiated the creation of the key pair.
I didn't enter a passphrase for my setup (Enter key was pressed instead).
The private key was saved in .ssh/id_rsa. This file is read-only and only for you. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key.
The public key is save in .ssh/id_rsa.pub.
Its content is then copied in file .ssh/authorized_keys of the system you wish to SSH to without being prompted for a password.
#scp id_rsa.pub remote system:~/.ssh/authorized_keys
Finally lock the account (Key authentication will still be possible.)
# passwd -l username1