From owner-freebsd-questions@FreeBSD.ORG  Sun Apr  4 22:25:58 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 91503106566B
	for <freebsd-questions@freebsd.org>;
	Sun,  4 Apr 2010 22:25:58 +0000 (UTC)
	(envelope-from kraduk@googlemail.com)
Received: from mail-fx0-f209.google.com (mail-fx0-f209.google.com
	[209.85.220.209])
	by mx1.freebsd.org (Postfix) with ESMTP id 22B848FC14
	for <freebsd-questions@freebsd.org>;
	Sun,  4 Apr 2010 22:25:57 +0000 (UTC)
Received: by fxm1 with SMTP id 1so2417723fxm.13
	for <freebsd-questions@freebsd.org>;
	Sun, 04 Apr 2010 15:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:received:message-id:subject:from:to:cc:content-type;
	bh=+gBOw3alN52SeI97B4Irbfd9WdR10FEieTPx4P31exw=;
	b=YuU5p8KyIpeYy0oYTPIbSK/+oHozgHTFlhJuRxl5dKDUyWfJ2nObi+bec29zTqoI3S
	pOcW47sJD/Hf/p/ZaGO8L716czzA8jgvpHPxr7krsw9cn3xYBBYphVZltvAwa904IoLP
	FQIKyBLNJb8avEfvJbVPQX0r9GiF4CGy9dmI0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=K0RqTJPMMCBvEwQWUy4yW0D5qpaw/Jlks4SX42FcEhn2D2BeN8XTjeBhOaZ2MTQRVz
	Z0IWmzHbJOZTgsup+QhJy1xpGpqJjJkxrxOrc31h+pdrOsJWBr3ZmuEinTsNjCCzM1A1
	wK6M9EzkPthLTabL6fSIEnyJkD2FveNSFODuY=
MIME-Version: 1.0
Received: by 10.239.157.136 with HTTP; Sun, 4 Apr 2010 15:25:56 -0700 (PDT)
In-Reply-To: <20100404234959.23966b02@eselhitler>
References: <hpaut3$4gl$1@dough.gmane.org> <20100404234959.23966b02@eselhitler>
Date: Sun, 4 Apr 2010 23:25:56 +0100
Received: by 10.239.142.205 with SMTP id h13mr417688hba.213.1270419956799; 
	Sun, 04 Apr 2010 15:25:56 -0700 (PDT)
Message-ID: <i2hd36406631004041525j25e3c738n82968b6e5f8c421a@mail.gmail.com>
From: krad <kraduk@googlemail.com>
To: Julian Fagir <gnrp@gnrp.in-berlin.de>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-questions@freebsd.org
Subject: Re: SSH root login with keys only
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Apr 2010 22:25:58 -0000

On 4 April 2010 22:49, Julian Fagir <gnrp@gnrp.in-berlin.de> wrote:

> Hi,
>
> > Is it possible to configure sshd such that both conditions are met:
> >
> > 1. Root will be able to login only by using keys
> > 2. Normal users will still be able to use pam/keyboard-interactive
>
> perhaps the sshd-option "PermitRootLogin" does match your requirements.
> To be found in sshd_config (5).
>
>
> Regards, Julian
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>

Why do  you need to do this? It is generally a bad thing to allow. Why not
use su or sudo?