Can I force a specific user to login by SSH cert only while all other accounts can still SSH by password?

Zack Perry

7/10/24, 5:48 PM

Ubuntu wizards,

I'm trying to set a user to only be able to login via cert through SSH but allow all other users to login via password through SSH. For some reason, I'm not getting how to set this config to affect only this single specific user and not the whole system. Can anyone run down how (if it's possible) this can be done?

Thanks in advance!

1 + 1

ssh

password

certificates

steeldriver

7/10/24, 5:54 PM

Related answer: [What is the correct way to disable SSH password authentication](https://askubuntu.com/a/1161230/178692)

Score:5

Ubuntu

Thomas Ward

7/10/24, 5:53 PM

I have not tested this myself (as I enforce key auth for everything and only have a very limited use of password auth), but setting PasswordAuthentication yes earlier in the /etc/ssh/sshd_config file, and then this added to the end of that same file might solve this for the one user:

Match User username
    PasswordAuthentication no

Change username to the matching user's name.

Then restart your SSH service. sudo systemctl restart ssh.service

+ 2

Zack Perry

7/10/24, 7:10 PM

It worked! Thank you so much! I couldn't find the "Match User" setting in anything for a week haha. This was all for an Ansible playbook for creating a user and setting it to only be able to login via cert: - name: Set sshd_config to PasswordAuthentication no become: yes blockinfile: path: /etc/ssh/sshd_config marker: "# {mark} ANSIBLE MANAGED BLOCK - {{username}}" block: | Match User "{{ username}}" PasswordAuthentication no

Thomas Ward

7/10/24, 8:48 PM

@ZackPerry glad to hear it helped! Don't forget to hit the checkmark on the answer to mark it as the accepted answer :)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can I force a specific user to login by SSH cert only while all other accounts can still SSH by password?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.