1474 – Password authentication should be configurable per-user

Bug 1474 - Password authentication should be configurable per-user

Summary: Password authentication should be configurable per-user

Status:	CLOSED WORKSFORME

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	5.0p1
Hardware:	All All

Importance:	P2 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-05-31 19:43 AEST by Andrew Sayers
Modified:	2021-04-23 15:09 AEST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Sayers 2008-05-31 19:43:38 AEST

The PasswordAuthentication option in sshd_config should have the following extra values:

* default-yes

Allow password logins for users that don't have a .ssh/disallow-passwords file

* default-no

Disallow password logins for users that don't have a .ssh/allow-passwords file

This would let users choose whether to allow passwords for their account, and would allow administrators to choose the default behaviour.

Comment 1 Darren Tucker 2009-08-28 19:11:36 AEST

You (ie the administrator) can use a Match block in sshd_config to configure PasswordAuthentication per user, eg:

PasswordAuthentication yes
Match User fred
  PasswordAuthentication no

see sshd_config(5) for more information.

This doesn't let users control their authentication methods but I'm not sure that's a good idea anyway.

Comment 2 Damien Miller 2021-04-23 15:09:41 AEST

closing resolved bugs as of 8.6p1 release