Blocking SSH passwords *only* for remote users
I know how to enable SSH password access and how to prohibit it and require key access instead. What isn't obvious is whether I can do both on the same system for different users.
What I want is to allow password access for anyone connecting on my LAN but require keys for anyone connecting from the world. I suppose I could do that by running two different SSH daemons (on different ports) but I wonder if there is a more straight-forward method. |
ssh has a match directive that should work.
Code:
PasswordAuthentication no |
Thanks, michealk. I would have been surprised if there wasn't something like that.
|
OpenSSH has some of the better reference manual pages out there. For the manual pages which are well written, it is an especially good habit to check them periodically when trying new things or revisiting an old task.
So be sure to follow up on that by reading up on the Match directive in the relevant manual page: "man sshd_config" |
All times are GMT -5. The time now is 01:49 PM. |