Allow password access for all users except root?

Question

I want to leave the root user enabled on my servers for convenience, and the only reason people are against the idea (that I know of) is brute-force attacks on SSH.

So, is there is a way in SSH to enable password access for all users except root, but allow ssh-key access for root?

OS: Ubuntu Server Edition 10.04 x86

SSH Version: OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009

possible duplicate of [Disable ssh password authentication by user](http://serverfault.com/questions/84199/disable-ssh-password-authentication-by-user) — quanta, Oct 31 '11 at 04:44
This isn't exactly a duplicate, since there is a root-specific alternative. — Ignacio Vazquez-Abrams, Oct 31 '11 at 04:47

score 12 · Accepted Answer · answered Oct 31 '11 at 04:45

12

From the sshd_config(5) man page:

PermitRootLogin
          ...

        If this option is set to “without-password”, password authentica-
        tion is disabled for root.

answered Oct 31 '11 at 04:45

Ignacio Vazquez-Abrams

45,939
6
79
84

Thank you! I usually read the manual before asking, but this seemed sufficiently complicated enough not to be in the manual. I was expecting some kind of iptables solutions, but this is better, obviously! – Soviero Oct 31 '11 at 04:51
1

I would be kind of wary of putting `PermitRootLogin without-password` into my sshd configuration! – user Oct 31 '11 at 10:10

Allow password access for all users except root?

1 Answers1

Linked