Date: Wed, 25 Mar 2020 01:01:23 -0400 From: David Mehler <dave.mehler@gmail.com> To: Jim Trigg <jtrigg@huiekin.org> Cc: freebsd-questions@freebsd.org Subject: Re: sshd not allowing a subgroup to authenticate according to it's authentication method Message-ID: <CAPORhP5pb-oEd0bjbY1uYKvTNr4i1FCpj6yvnTJvjVXy4o8vWA@mail.gmail.com> In-Reply-To: <208460FC-FD0D-48F8-987A-A3B589B3A8B0@huiekin.org> References: <CAPORhP4TQFMVcL1TGUb=Ex%2BDkp%2BP7AP8k8=aNDmhxAz00U=60A@mail.gmail.com> <208460FC-FD0D-48F8-987A-A3B589B3A8B0@huiekin.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Thanks, actually it's not anyone in the sshusers group, that's working fine, and I am not in sftpusers. Other users are in that group and they're being prompted for public keys and rejected because they're trying to use passwords. Thanks. Dave. On 3/25/20, Jim Trigg <jtrigg@huiekin.org> wrote: > At a guess, you're also a member of sshusers. Try putting the sftpusers > stanza before the sshusers stanza. > > Thanks, > Jim Trigg > > > On March 24, 2020 7:52:00 PM EDT, David Mehler <dave.mehler@gmail.com> > wrote: >>Hello, >> >>I'm running sshd on FreeBSD 12.1. I'm having an issue, I want users in >>a group sftpusers to be able to be logged in via password and to be >>chrooted to their home directories. Everytime I try to log in I'm >>getting no supported authenticationmethods publickey. From the man >>page I thought that a group definition overrode a global configuration >>setting. Here's a config snipet: >> >># Authentication: >>AuthenticationMethods publickey >>#StrictModes yes >>#PubkeyAuthentication yes >>#PasswordAuthentication no >>#PermitEmptyPasswords no >>ChallengeResponseAuthentication no >>UsePAM no >>AllowAgentForwarding no >>AllowTcpForwarding no >>#GatewayPorts no >>#ChrootDirectory none >>Subsystem sftp internal-sftp >># Set up groups for different types of logins >>AllowGroups sshusers sftpusers >> >>Match Group sshusers >>PubkeyAuthentication yes >>PasswordAuthentication no >>X11Forwarding no >>AllowTcpForwarding no >> AllowAgentForwarding no >> PermitTunnel no >> >>Match Group sftpusers >>ChrootDirectory /home/%u >>ForceCommand internal-sftp >>X11Forwarding no >>AllowTcpForwarding no >> AllowAgentForwarding no >> PermitTunnel no >> PermitTTY no >>PasswordAuthentication yes >> >>Suggestions welcome. >>Thanks. >>Dave. >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >>"freebsd-questions-unsubscribe@freebsd.org" > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPORhP5pb-oEd0bjbY1uYKvTNr4i1FCpj6yvnTJvjVXy4o8vWA>