From owner-freebsd-questions@FreeBSD.ORG Sun Apr 4 23:27:20 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1BEA2106566B for ; Sun, 4 Apr 2010 23:27:20 +0000 (UTC) (envelope-from craig001@lerwick.hopto.org) Received: from lerwick.hopto.org (81-178-20-70.dsl.pipex.com [81.178.20.70]) by mx1.freebsd.org (Postfix) with ESMTP id 411658FC13 for ; Sun, 4 Apr 2010 23:27:17 +0000 (UTC) Received: (qmail 73650 invoked by uid 98); 5 Apr 2010 00:42:54 +0100 Received: from 192.168.0.100 by polaris.lerwick.hopto.org (envelope-from , uid 82) with qmail-scanner-2.01 (clamdscan: 0.95.1/9971. hbedv: 7.9.1.53/7.1.6.174. spamassassin: 3.2.5. Clear:RC:1(192.168.0.100):. Processed in 0.052982 secs); 04 Apr 2010 23:42:54 -0000 Received: from unknown (HELO x60.lerwick.hopto.org) (192.168.0.100) by lerwick.hopto.org with SMTP; 5 Apr 2010 00:42:53 +0100 Message-ID: <4BB92058.8070408@lerwick.hopto.org> Date: Mon, 05 Apr 2010 00:27:20 +0100 From: Craig Butler User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20091221 Lightning/1.0b2pre Thunderbird/3.0 MIME-Version: 1.0 To: Marcin Wisnicki References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: SSH root login with keys only X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Apr 2010 23:27:20 -0000 On 04/04/2010 22:04, Marcin Wisnicki wrote: > Is it possible to configure sshd such that both conditions are met: > > 1. Root will be able to login only by using keys > Yes > 2. Normal users will still be able to use pam/keyboard-interactive > Yes see PermitRootLogin section in man sshd_config... /Craig B