How to disable password authentication for specific users in SSHD
Solution 1
You could set the parameter PermitEmptyPasswords no in your sshd configuration, and delete the passwords for some users, to force SSH key authentication for them.
Solution 2
Add a Match block to your sshd_config file. Something like this:
Match Group SSH_Key_Only_Users
PasswordAuthentication no
Or if it's truly one user
Match User Bad_User
PasswordAuthentication no
See man sshd_config for more details on what you can match and what restrictions you can put in it.
Solution 3
I just learned the hard way that CentOS 5 (with latest updates as of today) does not support the Match command by locking myself out of a remote server. Fun times.
So be warned: if you try to add the Match command to CE5 and you do service sshd restart, it won't, and as soon as you close your sshd client you are locked out until you can log back in via console to delete those 2 lines.
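Added example (not part of the original answers): because an sshd that rejects the Match line will not restart, as Solution 3 describes, this sketch appends the Solution 2 block, checks the file with sshd's test mode (sshd -t -f), and restores the backup if the check fails. The function name add_key_only_user and the SSHD_BIN variable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original answers). SSHD_BIN and
# add_key_only_user are names assumed for this sketch.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# add_key_only_user CONFIG USER
#   0: block already present, or added and accepted by sshd -t
#   1: sshd rejected the new config, original file restored
#   2: bad arguments or backup failed, nothing changed
add_key_only_user() {
    config="$1"
    user="$2"
    backup="$config.bak.$$"

    # Refuse names that could smuggle whitespace or newlines into the file.
    case "$user" in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    [ -f "$config" ] || return 2

    # Idempotent: do nothing if this user already has a Match block.
    if awk -v u="$user" 'tolower($1) == "match" && tolower($2) == "user" && $3 == u { found = 1 } END { exit !found }' "$config"; then
        return 0
    fi

    cp -p "$config" "$backup" || return 2

    # A Match block extends to the next Match line or end of file,
    # so it is appended after all global settings.
    printf '\nMatch User %s\n    PasswordAuthentication no\n' "$user" >> "$config"

    # Test mode: parse the file without starting a daemon. An sshd that
    # does not know the Match keyword exits non-zero here.
    if "$SSHD_BIN" -t -f "$config"; then
        rm -f "$backup"
        return 0
    fi

    mv -f "$backup" "$config"
    return 1
}

# Usage (as root):
#   add_key_only_user /etc/ssh/sshd_config Bad_User && service sshd restart
```

Keep the current SSH session open after the restart and confirm that a fresh login works before closing it.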
Halford88
Updated on September 18, 2022
Comments
-
Halford88 over 1 year
I'm very new to Python/programming, and I've been playing with a small random choice generator. I'm really happy with how everything is working so far, but I'm having a problem with the if statement. How do I go about signaling that the if should point to the first generated choice from table Desert, and not generate a second choice? I've tried nesting the if statement in the print command, but got a lot of syntax errors. Here is the code:
import random
import sys

Name = ['Dave', 'Suzane', 'Jim', 'Diana']
Appitizers = ['Spinach & Artichoke Dip', 'Crispy Green Beans', 'Half Chicken Quesadila', 'None, for me, just the main course please']
MainCourse = ['Steak', 'Sea Food', 'Grilled Chicken', 'House Salad', 'Rib Sanwich', 'Soup of the Day']
Desert = ['Pie of the Day', 'Chocolate Moose', 'Cheeze Cake', "No Thanks, I'm Full!"]
Goodbye = ['Captian', 'Monsiure', 'Sir', 'Madame',]
Goodbye2 = ['Come back again!', 'See you soon', 'Thank you for stopping by', 'Thank you for choosing us!']

print("Hello ", random.choice(Name), "tonight you're meal will be:")
print("Appitizer:", random.choice(Appitizers))
print("Followed by Main Coure:", random.choice(MainCourse))
print("And finally Desert:", random.choice(Desert))
# This condition draws a second, independent choice from Desert
if random.choice(Desert) == "No Thanks, I'm Full!":
    print('Farwell!', random.choice(Goodbye))
    sys.exit()
print(random.choice(Goodbye2))
Thanks!
-
Jay almost 13 years
That seems to work well. I guess I just have to trust other users that SSH in not to su svn. Is there an easy way to stop that (but maybe still allow sudo su svn?)
-
Thomas Berger almost 13 years
You could limit the usage of "su" to a specific group. You should have a look at /etc/pam.d/su, there you will find this line:
# Uncomment the following line to require a user to be in the "wheel" group.
-
Nick almost 13 years
That was the suggestion in stackoverflow.com/questions/4241197/… - however it required OpenSSH 5.1 and I'm running 4.3 (I'd rather not upgrade to a version which isn't officially supported by CentOS 5.6). I checked man sshd_config and couldn't see any mention of Match. I agree, though, that if I were on 5.1 then this would be the answer (as it is in the other post), however I don't believe it will work in 4.3.
-
Nick almost 13 years
That works REALLY well - thank you! I have also configured scponlyc on the box as well so some users can be root jailed.
-
Philip almost 13 years
My apologies, didn't realize CentOS was using such an ancient version of SSHd. OpenSSH 4.3 is from Feb 1, 2006; what the heck are they still using that for?
-
Nick almost 13 years
Not sure, but I assume it still receives security updates?! The full release is: openssh.x86_64 4.3p2-72.el5_6.3
Interestingly, according to the following URL EL6 should be up to OpenSSH 5.3 now... github.com/repoforge/rpms/blob/master/specs/openssh/…
My server reports:
$ cat /etc/redhat-release
CentOS release 5.6 (Final)
It's at times like this when I appreciate the simplicity of OS's like Windows and, to some extent, OS X too. You don't have to faff about with all this dependency malarkey ;)
-
Kevin about 9 years
"how do I go about signaling that the if should point to the first generated choice from table MainCourse" Did you mean Desert here? MainCourse isn't referenced at all in your if condition.