gabriel rosenkoetter on Sat, 23 Nov 2002 16:10:05 -0500



Re: [PLUG] ssh question


On Sat, Nov 23, 2002 at 02:43:09AM -0500, sean finney wrote:
> ok, how about
> 
> ssh -o "PasswordAuthentication no" user@host
> 
> ?

He wanted to specify it on the server side, not the user side, and
for a subset of his users, not all of them.

Only way is the gold star club (or anything that isn't a valid SHA1
or md5 hash) in /etc/shadow (or wherever your shared secret password
file lives). Looks like each Linux distro uses a different
passwd(1), none of them overtly GNU (at least, Red Hat's and Debian's
are different), and all that POSIX specifies about -l (if memory
serves) is that it lock the account. I'm fairly sure that Red Hat's
replaces the existing password with "!!". I don't know what Debian
does.

Having sections specific to users in sshd_config, like we have
sections specific to hosts in ssh_config, would be nice. Hell, having
sections specific to local interfaces in sshd_config would be nice;
right now you have to run two separate servers if you want separate
permissions on a multi-homed host (like say if you want to use a
different host key for each, like say if you're consolidating
multiple machines into one, but want it to be as seamless as
possible for your users).

-- 
gabriel rosenkoetter
gr@eclipsed.net
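
An added example, not part of the original message: a small audit of shadow-format entries that reports which accounts still have a usable password hash and which carry a placeholder no password can match, the approach the message describes. The sample entries are constructed, and the function names are this example's own.

```python
import re

# Shapes a crypt(3) hash can take: modular "$id$..." form or 13-char traditional DES.
MODULAR = re.compile(r"^\$[0-9a-zA-Z]+\$[./0-9A-Za-z$=,]+$")
DES = re.compile(r"^[./0-9A-Za-z]{13}$")

def looks_like_hash(field):
    return bool(MODULAR.match(field) or DES.match(field))

def classify(field):
    """Classify the password field (2nd column) of a shadow(5) entry."""
    if field == "":
        return "empty"          # no password required at all: flag this
    if looks_like_hash(field):
        return "password"       # usable hash: password logins can succeed
    if field.startswith("!") and looks_like_hash(field.lstrip("!")):
        return "locked-hash"    # old hash kept behind "!", restored on unlock
    return "no-password"        # "*", "!!" or any other string that is no hash

def audit(shadow_text):
    """Return {user: classification} for shadow-format text."""
    result = {}
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue            # malformed entry, skip
        result[parts[0]] = classify(parts[1])
    return result

# Constructed sample entries (hash values are made up, not real hashes).
SAMPLE = """\
alice:$1$saltsalt$abcdefghijklmnopqrstuv:12000:0:99999:7:::
bob:!!:12000:0:99999:7:::
carol:*:12000:0:99999:7:::
dave:!$1$saltsalt$abcdefghijklmnopqrstuv:12000:0:99999:7:::
erin::12000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, state in audit(SAMPLE).items():
        print(f"{user:8} {state}")
```

Run it against a copy of the real file with `audit(open(path).read())`; accounts reported as `password` or `empty` are the ones for which a password login can still succeed.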
