Date: Mon, 10 Sep 2001 20:06:34 +0300 From: Peter Pentchev <roam@ringlet.net> To: Jim Sander <jim@federation.addy.com> Cc: Freebsd-security@FreeBSD.ORG Subject: Re: allow selective RSA AUTH in sshd setup? Message-ID: <20010910200634.J1983@ringworld.oblivion.bg> In-Reply-To: <Pine.BSF.4.10.10109101235200.46378-100000@federation.addy.com>; from jim@federation.addy.com on Mon, Sep 10, 2001 at 12:53:35PM -0400 References: <001c01c1385e$d8e43400$f0f2a118@tampabay.rr.com> <Pine.BSF.4.10.10109101235200.46378-100000@federation.addy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 10, 2001 at 12:53:35PM -0400, Jim Sander wrote: > By default, I bar key-based logins (RSAAuthentication no) so that I > don't have to worry about users keeping their ~/.ssh/authorized_keys > secure. (expecting good key management of people who if left on their own > would choose 'me' as their password is probably a bad idea) For most > people who never touch a shell anyway, this is fine. But I do want to > allow certain users who at least marginally know what their doing the > benefit of using this feature. > > Anyone know a simple and effective way to do this? Create a ~/.ssh/config file, put 'RSAAuthentication yes' there. I don't think it's possible to do this on a group basis, you'll have to do it for each user. Of course, this also means that each of the other users may put this in their own ~/.ssh/config file, and circumvent your attempt to disable key-based logins; however, from your description (and some personal experience) I would consider that to be somewhat unlikely :) G'luck, Peter -- If wishes were fishes, the antecedent of this conditional would be true. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010910200634.J1983>