Bradley Ayers: Forcing SSH to authenticate via public key for all but one user

Wednesday, May 25, 2011

Forcing SSH to authenticate via public key for all but one user

When setting up a Ubuntu Web server I generally want to disable password authentication for SSH (and instead use public key), which has been all well and good until now. While experimenting with automatic deployment solutions for Django, I wanted to be able to use password authentication for a the deployment account, whilst enforcing public key authentication for everyone else.

The solution is very simple. In my /etc/ssh/sshd_config I have the typical:

RSAAuthentication no
PubkeyAuthentication yes

And to enable password authentication for a single user I added the following to the end of the file:

# Allow the 'deployment' user to login
# using their password
Match User deployment
PasswordAuthentication no

It's documented in detail in the Match section of the man page.

Bradley Ayers

Wednesday, May 25, 2011

Forcing SSH to authenticate via public key for all but one user

No comments:

Post a Comment