Date: Mon, 05 Apr 2010 01:25:09 +0200 From: Erik Norgaard <norgaard@locolomo.org> To: freebsd-questions@freebsd.org Subject: Re: SSH root login with keys only Message-ID: <4BB91FD5.3040403@locolomo.org> In-Reply-To: <hpaut3$4gl$1@dough.gmane.org> References: <hpaut3$4gl$1@dough.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/04/10 23:04, Marcin Wisnicki wrote: > Is it possible to configure sshd such that both conditions are met: > > 1. Root will be able to login only by using keys > 2. Normal users will still be able to use pam/keyboard-interactive Yes, you can create a Match block with the criteria User, something like this I guess will work (haven't tested): PermitRootLogin yes Match User root PasswordAuthentication no check the man page. You might also want to restrict from where root can login with another match block. I assume that you have decided root login is acceptable with the increased security of key authentication. Just beware that the key must be password protected. BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BB91FD5.3040403>