How to disabled password authentication for specific users in SSHD

I'm very new to python/programing, and, i've been playing with a small random choice generator. I'm really happy with how everything is working so far, but I'm having a problem with the if statement. how do I go about signaling that the if should point to the first generated choice from table Desert, and not generate a second choice? I've tried nesting the if statement in the print command, but got a lot of syntax errors. Here is the code:

import random
import sys

Name = ['Dave', 'Suzane', 'Jim', 'Diana']

Appitizers = ['Spinach & Artichoke Dip', 'Crispy Green Beans', 'Half Chicken Quesadila', 'None, for me, just the main course please']

MainCourse = ['Steak', 'Sea Food', 'Grilled Chicken', 'House Salad', 'Rib Sanwich', 'Soup of the Day']

Desert = ['Pie of the Day', 'Chocolate Moose', 'Cheeze Cake', "No Thanks, I'm Full!"] 

Goodbye = ['Captian', 'Monsiure', 'Sir', 'Madame',]

Goodbye2 = ['Come back again!', 'See you soon', 'Thank you for stopping by', 'Thank you for choosing us!']

print("Hello ", random.choice(Name), "tonight you're meal will be:")
print("Appitizer:", random.choice(Appitizers))
print("Followed by Main Coure:", random.choice(MainCourse))
print("And finally Desert:", random.choice(Desert))
if random.choice(Desert)=="No Thanks, I'm Full!": print('Farwell!', random.choice(Goodbye1)), sys.exit()

print(random.choice(Goodbye2))

Thanks!

That seems to work well. I guess I just have to trust other users that SSH in not to su svn. Is there an easy way to stop that (but maybe still allow sudo su svn?)

You could limit the usage of "su" to a specific group. You should have a look at /etc/pam.d/su there you will find this line: # Uncomment the following line to require a user to be in the "wheel" group.

That was the suggesting in stackoverflow.com/questions/4241197/… - however it required OpenSSH 5.1 and I'm running 4.3 (I'd rather not upgrade to a version which isn't officially supported by CentOS 5.6). I checked man sshd_config and couldn't see any mention of Match. I agree, though, that if I were on 5.1 then this would be the answer (as it is in the other post), however I dont believe it will work in 4.3.

That works REALLY well - thank you! I have also configured scponlyc on the box as well so some users can be root jailed.

My apologies, didn't realize CentOS was using such an ancient version of SSHd. OpenSSH 4.3 is from Feb 1, 2006; what the heck are they still using that for?

Not sure, but I assume it still receives security updates?! The full release is: openssh.x86_64 4.3p2-72.el5_6.3 Interestingly, according to the following URL EL6 should be up to OpenSSH 5.3 now... github.com/repoforge/rpms/blob/master/specs/openssh/… My server reports: $ cat /etc/redhat-release CentOS release 5.6 (Final) It's at times like this when I appreciate the simplicity of OS's like Windows and, to some extent, OS X too. You don't have to faff about with all this dependency malarkey ;)

"how do I go about signaling that the if should point to the first generated choice from table MainCourse" Did you mean Desert here? MainCourse isn't referenced at all in your if condition.