sshd not allowing a subgroup to authenticate according to it's authentication method
David Mehler
dave.mehler at gmail.com
Tue Mar 24 23:52:25 UTC 2020
Hello,
I'm running sshd on FreeBSD 12.1. I'm having an issue, I want users in
a group sftpusers to be able to be logged in via password and to be
chrooted to their home directories. Everytime I try to log in I'm
getting no supported authenticationmethods publickey. From the man
page I thought that a group definition overrode a global configuration
setting. Here's a config snipet:
# Authentication:
AuthenticationMethods publickey
#StrictModes yes
#PubkeyAuthentication yes
#PasswordAuthentication no
#PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
AllowAgentForwarding no
AllowTcpForwarding no
#GatewayPorts no
#ChrootDirectory none
Subsystem sftp internal-sftp
# Set up groups for different types of logins
AllowGroups sshusers sftpusers
Match Group sshusers
PubkeyAuthentication yes
PasswordAuthentication no
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
Match Group sftpusers
ChrootDirectory /home/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
PermitTTY no
PasswordAuthentication yes
Suggestions welcome.
Thanks.
Dave.
More information about the freebsd-questions
mailing list