Tuesday, 24 January 2017

Allow a single user to login with a plain password over SSH - while ensuring everyone else uses keys

If for whatever reason you are forced to use plain-text authentication over SSH you can create a rule within the SSH daemon configuration to ensure that only the single user can perform it - while ensuring all other users are using keys.

vi /etc/ssh/sshd_config

and append the following:

Match User <username> 
      PasswordAuthentication yes

Reload sshd and attempt to re-authenticate.

sudo systemctl reload sshd

0 comments:

Post a comment