1

1 I have configured Ubuntu server with Key authentication & it is working fine. I have disabled password authentication for key authentication to work. Server is always accessed via remote terminals or putty.

Now all user accounts are able to login with the authentication Key and passphrase. But now I want to create only one new user without key authentication. So how should I go about it

However on the other hand this should not hamper other users who are using key authentication.

Hrish
  • 87
  • 1
  • 8

2 Answers2

3

First, allowing password authentication in sshd_config doesn't prevent from using keys. Both can coexist without a problem.

As for allowing password authentication only for a user, you should use the Match group sections:

Match User foo
  PasswordAuthentication yes

if your user is named foo.

raphink
  • 11,987
  • 6
  • 37
  • 48
1

I'm curious why you had to disable password authentication when configuring publickey authentication. SSH will attempt all other authentication mechanisms before it defaults to passwords. This allows you to selectively use keys for certain accounts and passwords for others.

Below, you can see 5 different methods of authentication were tried before the password:

ssh -v test01
...
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_2078676' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_2078676' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Offering public key: /home/skohrs/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/skohrs/.ssh/identity
debug1: Trying private key: /home/skohrs/.ssh/id_dsa
debug1: Next authentication method: password
skohrs@test01's password:
debug1: Authentication succeeded (password).
...
skohrs
  • 1,520
  • 11
  • 23