SSHd restriction per user basis

I think what you want is "Match User". You use it to match a username, then indent a series of config settings that apply specifically to that user.

Match User Joe
  PasswordAuthentication no

Match User Jane
  PasswordAuthentication yes

I use this to set up chroot SFTP-only access sometimes for clients.
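How sshd resolves Match blocks like the two above, as an added example that is not part of the original answer: a simplified Python model (it handles only `Match User` and `Match all`) showing that indentation is cosmetic and that a block runs until the next Match line or the end of the file. SAMPLE, user_matches and effective are names made up for this illustration.

```python
import fnmatch

# Constructed sample: the page's two Match blocks plus a global default and
# a trailing keyword that looks global but is not.
SAMPLE = """\
PasswordAuthentication yes
AllowTcpForwarding yes

Match User Joe
  PasswordAuthentication no

Match User Jane
  PasswordAuthentication yes
AllowTcpForwarding no
"""

def user_matches(patterns, user):
    """Comma-separated list with * and ? wildcards; a !negated hit vetoes."""
    hit = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            hit = True
    return hit

def effective(config, user):
    """Resolve keyword -> value for `user` (keywords lower-cased)."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            if len(args) == 1 and args[0].lower() == "all":
                target = match_opts
            elif len(args) == 2 and args[0].lower() == "user":
                # A non-matching block is parsed into a throwaway dict.
                target = match_opts if user_matches(args[1], user) else {}
            else:
                raise ValueError(f"unsupported Match criteria: {args}")
            continue
        # First value seen for a keyword wins within its section.
        target.setdefault(key, " ".join(args))
    # Values from matching Match blocks override the global section.
    return {**global_opts, **match_opts}
```

On a real host, `sshd -T` with a `-C user=...` connection specification prints the settings sshd itself resolves for that user.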


Set up ssh as follows:

nano /etc/ssh/sshd_config

AllowUsers username1 username2 username3

Restart SSH

Then provide the keys to those who you would like to avoid using passwords.

ssh-keygen is used to generate that key pair for you. Here is a session where your own personal private/public key pair is created:

# ssh-keygen -t rsa

The command ssh-keygen -t rsa initiated the creation of the key pair.

I didn't enter a passphrase for my setup (Enter key was pressed instead).

The private key was saved in .ssh/id_rsa. This file is read-only and only for you. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key.

The public key is saved in .ssh/id_rsa.pub.

Its content is then copied into the file .ssh/authorized_keys of the system you wish to SSH to without being prompted for a password.

# scp id_rsa.pub remote_system:~/.ssh/authorized_keys

Finally, lock the account (key authentication will still be possible).

# passwd -l username1