You're right. OpenSSH and SSH.com's Unix servers do not
support this. You would have to do this in PAM.
There's a lot information on various PAM modules and
links here:
http://www.kernel.org/pub/linux/libs/pam/modules.html
-AnneYou're right. OpenSSH and SSH.com's Unix servers do not
support this. You would have to do this in PAM.
There's a lot information on various PAM modules and
links here:
http://www.kernel.org/pub/linux/libs/pam/modules.html
-Anne
Adam ENDRODI grabbed a keyboard and typed...
> How can I tell sshd to only accept a particular authentication
> method for some users, while letting others to use any methods
> they wish?
>
> One of our servers has two kinds of users: a group of
> low-privileged ones and a few power users. The former class
> may choose to log in by providing his password, but I want the
> latter to use his private key, which I consider a more secure
> alternative. On the other hand, they need to retain their unix
> password, so I cannot just fill that with garbage.
>
> I've looked at the recent openssh sources but it didn't seem
> to support this kind of distinction. One possibility I can
> think of is PAM, but I don't know which module to use.
>
> Any suggestion would be greatly appreciated.
>
> bit,
> adam
>
> --
> 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
> finger://borso@vekoll.vein.hu | Some days, my soul's confined
> http://www.keyserver.net | And out of mind
> Sleep forever
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
.-"".__."``". Anne Henmi, System Administrator
.-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
signature.asc
Description: Digital signature