Different ssh authentication policies for different accounts

ssh configuration user-accounts ubuntu-14.04

I know that I can disable SSH authentication with clear text password for root user (using PermitRootLogin) and enable it for all other users. But I need to disable text passwords for some list of users (and keep only public keys authentication for they). For those, who don't included to list, I need to enable password authentication also.

So, how I can adjust different SSH policies for different users? In sshd_config I've found only 2 arguments:

PermitRootLogin without-password  # disable text password for root
PasswordAuthentication yes  # enable it for all other users

I'd like to have some dictionary-style configuration, for example:

user1Auth without-password
user2Auth without-password
user3Auth yes
...

P.S. My OS is Ubuntu 14.04.


You can use the Match User or Match Group directives:

Match Group usergroup
    PasswordAuthentication no

If you don't want to use groups, you can specify each user:

Match User user1,user2
    PasswordAuthentcation yes

Match User user3
    PasswordAuthentication no

My preference is to never assign privileges directly to users (no matter the system), so I always use groups. This also carries the benefit that you can change group membership without needing to restart sshd.

NB. This configuration lines must be written below all other configs in /etc/sshd_config.

Related

How to use Azure Backup to backup files on on-premises Linux machine
best-practice for mid-sized shared storage
How to check apache for SNI (Server Name Indication ) availability?
Why is the iptables byte count for raw PREROUTING 0?
Can Veeam "Copy Job" handle alternating destinations?
OpenBSD: How to use `relayd` and `httpd` for redirecting subdomain requests
CPU speed related with disk io?
Docker - Timezones in containers not same as on host
QEMU and serial ports on the guest OS
Why does MySQLTuner show query_cache_size (=0)?
Some questions about xenserver HA
SSL - Common Name not recognized