0

Say I have multiple service users on a server (example.com).

  • For foo@example.com I use SSH with a publickey
  • For bar@example.com I use SSH with a password

I access both users regularly from my local machine.

Is there a way to configure the ~/.ssh/config file so that it correctly detects the preferred authentication type based on the user?

In other words, is there a way to configure things per-user for a given host?

I'm imagining something like:

Host example.com
    User foo
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/key_for_foo
    User bar
        PreferredAuthentications password

Thanks!

user2490003
  • 147
  • 5

1 Answers1

2

Criteria other than host would use the Match keyword:

Match host example.com user foo
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/key_for_foo
Match host example.com user bar
        PreferredAuthentications password

The default order for PreferredAuthentications already tries publickey before password. If you want to use key files with the user names always, not just foo@example.com, you can simplify to:

IdentityFile ~/.ssh/key_for_%r

P.S. password is not the same ssh auth method as keyboard-interactive. The former is definitely a password, the latter allows sshd to ask for other inputs like a 2FA code.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34