Bug 1474

Summary: Password authentication should be configurable per-user
Product: Portable OpenSSH
Reporter: Andrew Sayers <andrew-bugzilla.mindrot.org>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME
Severity: enhancement
CC: djm, dtucker
Priority: P2
Version: 5.0p1
Hardware: All
OS: All

Description Andrew Sayers 2008-05-31 19:43:38 AEST
The PasswordAuthentication option in sshd_config should have the following extra values:

* default-yes

Allow password logins for users that don't have a .ssh/disallow-passwords file

* default-no

Disallow password logins for users that don't have a .ssh/allow-passwords file

This would let users choose whether to allow passwords for their account, and would allow administrators to choose the default behaviour.

Comment 1 Darren Tucker 2009-08-28 19:11:36 AEST
You (i.e. the administrator) can use a Match block in sshd_config to configure PasswordAuthentication per user, e.g.:

PasswordAuthentication yes
Match User fred
  PasswordAuthentication no

See sshd_config(5) for more information.

This doesn't let users control their authentication methods but I'm not sure that's a good idea anyway.
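
Added example (not part of the thread and not OpenSSH code): a small Python audit helper that reads sshd_config text and reports the effective PasswordAuthentication for a user under the Match layout from Comment 1. It is a simplified model that handles only `Match User` and `Match all`, and it assumes the sshd_config(5) rules that the first obtained value for a keyword is used and that a matching Match block overrides the global section; the sample config and every user name except fred are constructed.

```python
import fnmatch

# Constructed sample: the layout from Comment 1 plus one wildcard block.
SAMPLE_CONFIG = """\
PasswordAuthentication yes
Match User fred
  PasswordAuthentication no
Match User svc-*,!svc-legacy
  PasswordAuthentication no
"""

def user_matches(pattern_list, user):
    """Comma-separated patterns: a negated hit vetoes, else one positive hit is needed.
    fnmatch also accepts [..] classes, which sshd patterns do not have (assumption: unused)."""
    hit = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            hit = True
    return hit

def effective_password_auth(config_text, user):
    """Effective PasswordAuthentication for `user` under the simplified model."""
    global_value = match_value = None
    in_match = applies = False
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if keyword == "match":
            in_match = True
            if len(args) == 1 and args[0].lower() == "all":
                applies = True
            elif len(args) == 2 and args[0].lower() == "user":
                applies = user_matches(args[1], user)
            else:
                raise ValueError(f"unsupported Match criteria: {raw.strip()}")
        elif keyword == "passwordauthentication" and args:
            if not in_match and global_value is None:
                global_value = args[0]        # first global value wins
            elif in_match and applies and match_value is None:
                match_value = args[0]         # first matching block wins
    return match_value or global_value or "yes"   # sshd's default is yes

if __name__ == "__main__":
    for name in ("fred", "alice", "svc-backup", "svc-legacy"):
        print(name, effective_password_auth(SAMPLE_CONFIG, name))
```

On a real host, `sshd -T -C user=fred` prints the configuration that sshd itself resolves for that user and is the authoritative check.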

Comment 2 Damien Miller 2021-04-23 15:09:41 AEST
closing resolved bugs as of 8.6p1 release