I need to restrict certain user(s) so that they can only SSH in using ssh keys and other users can login using key or password.
an example:
i'd like for root user to be able to login remotely (through sshd) using key, so no password would be accepted (even if password is right)
and for other users (everyone on the system) they can log in using key and/or password
how would I do that?
Best Answer
What I would do is to set
/etc/sshd/sshd_config
such that:just for extra security and to avoid having the root password locked (it would only allow root to log in using a key)
I would instead use
AllowGroups
instead ofAllowUser
, as for me it would be more convenient to add users to a group rather than tosshd_config
but that could depend on your personal preferences.