Creating user specific authentication methods in SSH
You can use Match
in sshd_config
to select individual users to alter the PasswordAuthentication
directive for. Enter these Match
rules at the bottom of sshd_config
file ( generally /etc/ssh/sshd_config
)
Match User root,foo,bar
PasswordAuthentication no
Match User Rishee
PasswordAuthentication yes
This would give root, foo and bar key authentication, and Rishee password authentication.
An alternative is to match by negation, like this:
PasswordAuthentication no
Match User *,!root
PasswordAuthentication yes
In this case, everyone except root gets password authentication.
Note: The *,
syntax is necessary, as wildcard and negation syntax is only parsed in comma-separated lists.
You can also match by group:
Match Group usergroup
PasswordAuthentication no
Reason for entering Match
at the bottom of the file:
If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another >Match line or the end of the file
You can enable password and key-authentication at the same time, they are not exclusive.