martin f krafft wrote:
also sprach Adrian von Bidder <avbidder@fortytwo.ch> [2007.01.11.1855 +0100]:Anybody has an idea if and how this is possible? The obvious but ugly solution would be to run a second sshd on a different port, but I'd rather avoid that.It'll be possible if and only if SSH differentiates between authentication and authorisation/session. If it does, you can limit authentication with PAM via pam_file to one user, knowing that publickey auth will be handled by sshd. All users, however, need to be authenticated against the PAM session component.
I missed the context here (the reply seems to have been cc'ed to secureshell but the original request wasn't).
OpenSSH 4.4 added a "Match" directive to sshd_config that allows per-X overriding of some configuration directives. Authentications aren't supported yet but I have a patch that adds it which hopefully will be in the next release. This would allow you to do something like the following for the user "sftpuser":
PasswordAuthentication no Match User sftpuser PasswordAuthentication yesIf you're interested I can supply a copy of the patch that adds auth support (against 4.5p1).
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.