From owner-freebsd-questions@FreeBSD.ORG Sun Apr 4 22:19:56 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F207106566B for ; Sun, 4 Apr 2010 22:19:55 +0000 (UTC) (envelope-from gnrp@gnrp.in-berlin.de) Received: from einhorn.in-berlin.de (einhorn.in-berlin.de [192.109.42.8]) by mx1.freebsd.org (Postfix) with ESMTP id 5AE298FC15 for ; Sun, 4 Apr 2010 22:19:54 +0000 (UTC) X-Envelope-From: gnrp@gnrp.in-berlin.de X-Envelope-To: Received: from eselhitler (q827es.in-vpn.de [217.197.85.227]) (authenticated bits=0) by einhorn.in-berlin.de (8.13.6/8.13.6/Debian-1) with ESMTP id o34Lo5xg032694 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Sun, 4 Apr 2010 23:50:06 +0200 Date: Sun, 4 Apr 2010 23:49:59 +0200 From: Julian Fagir To: freebsd-questions@freebsd.org Message-ID: <20100404234959.23966b02@eselhitler> In-Reply-To: References: X-Mailer: Claws Mail 3.7.5 (GTK+ 2.14.7; x86_64-unknown-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8 Subject: Re: SSH root login with keys only X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Apr 2010 22:19:56 -0000 Hi, > Is it possible to configure sshd such that both conditions are met: > > 1. Root will be able to login only by using keys > 2. Normal users will still be able to use pam/keyboard-interactive perhaps the sshd-option "PermitRootLogin" does match your requirements. To be found in sshd_config (5). Regards, Julian