How to disabled password authentication for specific users in SSHD

ssh security authentication svn

Solution 1:

You could set the Parameter PermitEmptyPasswords no in your sshd configuration, and delete the passwords for some users, to force ssh key authentication for them.

Solution 2:

Add a Match block to your sshd_config file. Something like this:

Match Group SSH_Key_Only_Users
    PasswordAuthentication no

Or if it's truly one user

Match User Bad_User
    PasswordAuthentication no

See man sshd_config for more details on what you can match and what restrictions you can put in it.

Solution 3:

I just learned the hard way that CentOS 5 (with latest updates as of today) does not support the Match command by locking myself out of a remote server. Fun times.

So be warned if you try add the Match command to CE5 and you do service sshd restart it won't and as soon as you close your sshd client you are locked out until you can log back in via console to delete those 2 lines.

Related

Large RAID stripe size wastes space with small files?
Change MYSQL Port on Windows
Limitations of SQL Server 2012 Express version?
Can't delete symbolic link
Why are all Linux commands broken after installing Perl?
tab completion for service command on debian
SSH still asks for password even after adding key to authorized_keys
Change local password as root after configuring for MS-AD Kerberos+LDAP
Are transceivers hot swappable?
"Server should be SSL-aware but has no certificate configured"
bashrc not loaded in /bin/bash shell
PermitRootLogin is no, I cannot login but why password is asked from user?