Is it possible to set up a user on ubuntu with openssh so that ssh does not use password authentication but sftp does?
I assume that if I change /etc/ssh/ssh_config
to have PasswordAuthentication yes
this makes is possible for users to use passwords to login with both ssh and sftp.
Edit: My purpose here is to let some users sftp with a password instead of a keyfile. But I do not want ssh users to be able to login with a password, I want them to have to use a keyfile. If it helps, I do not need the sftp users to be able to login, they only need to do sftp.
Best Answer
As I understand you have (at least for this particular problem) two distinct groups of users, one being able to login via SSH and get an interactive shell (let's call the group
ssh
) and one being able to login via SFTP and only get an SFTP shell (let's call the groupsftp
).Now create the groups
ssh
andsftp
on your system withgroupadd
, put the respective users in the groups (gpasswd -a $USERNAME $GROUPNAME
) and append the following lines at the end (this is important!) of yoursshd_config
located at/etc/ssh/sshd_config
:Read about the
Match
directive in sshd_config(5) and about the allowed patterns in ssh_config(5).You'll also have to restart the
ssh
process for this to take effect:sudo /etc/init.d/ssh restart