rjp wrote:
I haven't seen an option that would allow sshd to disable passwords on a per-user basis. The best thing you can do to keep the bruteforcers out of your console is to pick a strong password for your Linode account.
From the sshd_config manpage:
Code:
AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
user names that match one of the patterns. '*' and '?' can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.
However, if you just want to disallow root access, but allow everyone else, there is an easier option:
Code:
PermitRootLogin
Specifies whether root can login using ssh(1). The argument must
be "yes", "without-password", "forced-commands-only" or "no".
The default is "yes".
If this option is set to "without-password" password authentica-
tion is disabled for root. Note that other authentication meth-
ods (e.g., keyboard-interactive/PAM) may still allow root to
login using a password.
If this option is set to "forced-commands-only" root login with
public key authentication will be allowed, but only if the
command option has been specified (which may be useful for taking
remote backups even if root login is normally not allowed). All
other authentication methods are disabled for root.
If this option is set to "no" root is not allowed to login.
FAQ
Search
Members
Register
Login [ Anonymous ]
