I added a few features to OpenSSH for my local use that I'd like to submit back to the main project. I basically added access control lists to control who would be allowed public key authentication. I added four config file entries for the server:

    PubkeyAllowUsers
    PubkeyDenyUsers
    PubkeyAllowGroups
    PubkeyDenyGroups

These follow the same semantics as the already existing entries for allowing logins. So far I have this implemented for SSH2 pubkey auth, but I coded it to make adding corresponding entries for any auth method easy. I'd be happy to do so if this was desired.

I'm not sure if there is any interest in this functionality, but I've been wanting it for a while. In particular, it's helpful to allow pubkey auth for trusted users and trusted systems, while not allowing the other 10000 users to make it into another .rhosts.

I have working code built off the portable release.
*** Bug 767 has been marked as a duplicate of this bug. ***
We have implemented a general mechanism to enable directives based on certain criteria, including user and group. It doesn't support authentications yet, but it's planned for the next release. With it, you would enable, say, pubkey authentication only for certain users thusly:

    PubkeyAuthentication no
    Match User foo,bar
        PubkeyAuthentication yes

*** This bug has been marked as a duplicate of bug 1180 ***
Close resolved bugs after release.