Date: Mon, 05 Apr 2010 01:25:09 +0200 From: Erik Norgaard <norgaard@locolomo.org> To: freebsd-questions@freebsd.org Subject: Re: SSH root login with keys only Message-ID: <4BB91FD5.3040403@locolomo.org> In-Reply-To: <hpaut3$4gl$1@dough.gmane.org> References: <hpaut3$4gl$1@dough.gmane.org>
index | next in thread | previous in thread | raw e-mail
On 04/04/10 23:04, Marcin Wisnicki wrote:
> Is it possible to configure sshd such that both conditions are met:
>
> 1. Root will be able to login only by using keys
> 2. Normal users will still be able to use pam/keyboard-interactive
Yes, you can create a Match block with the criteria User, something like
this I guess will work (haven't tested):
PermitRootLogin yes
Match User root
PasswordAuthentication no
check the man page. You might also want to restrict from where root can
login with another match block.
I assume that you have decided root login is acceptable with the
increased security of key authentication. Just beware that the key must
be password protected.
BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BB91FD5.3040403>