Disallowing password authentication on socket

Thanks to a new enough ssh on socket, it was possible to disable
password authentication for all users except sysadmins for the socket

For reference this is done using (/etc/ssh/sshd_config):
  PasswordAuthentication no
  Match Group admin
          PasswordAuthentication yes

Note: the admin group is defined using /etc/group, not LDAP. So
sysadmins can still login even if LDAP is down.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]