SSH root login with keys only

Marcin Wisnicki mwisnicki+freebsd at
Sun Apr 4 23:40:04 UTC 2010

On Sun, 04 Apr 2010 23:49:59 +0200, Julian Fagir wrote:

> Hi,
>> Is it possible to configure sshd such that both conditions are met:
>> 1. Root will be able to login only by using keys 2. Normal users will
>> still be able to use pam/keyboard-interactive
> perhaps the sshd-option "PermitRootLogin" does match your requirements.
> To be found in sshd_config (5).

Unfortunately it doesn't. Assuming you mean 'without-password' option,
I would have to disable ChallengeResponseAuthentication for everyone
which I would like to avoid.
It is not possible to disable ChallengeResponseAuthentication inside
match block.

More information about the freebsd-questions mailing list