Set up sftp to use password but ssh not to use password

Is it possible to set up a user on ubuntu with openssh so that ssh does not use password authentication but sftp does?

I assume that if I change /etc/ssh/ssh_config to have PasswordAuthentication yes this makes is possible for users to use passwords to login with both ssh and sftp.

Edit: My purpose here is to let some users sftp with a password instead of a keyfile. But I do not want ssh users to be able to login with a password, I want them to have to use a keyfile. If it helps, I do not need the sftp users to be able to login, they only need to do sftp.


Solution 1:

As I understand you have (at least for this particular problem) two distinct groups of users, one being able to login via SSH and get an interactive shell (let's call the group ssh) and one being able to login via SFTP and only get an SFTP shell (let's call the group sftp).

Now create the groups ssh and sftp on your system with groupadd, put the respective users in the groups (gpasswd -a $USERNAME $GROUPNAME) and append the following lines at the end (this is important!) of your sshd_config located at /etc/ssh/sshd_config:

Match Group sftp
  PasswordAuthentication yes
  # Further directives for users in the "sftp" group

Match Group ssh
  PasswordAuthentication no
  # Further directives for users in the "ssh" group

Read about the Match directive in sshd_config(5) and about the allowed patterns in ssh_config(5).

You'll also have to restart the ssh process for this to take effect:

sudo /etc/init.d/ssh restart