passwd-less logins for SOME accounts, passwd required for ALL others?

From: Alexander N. Spitzer <aspitzer(at)spitzer.org>
Date: Mon Dec 16 2002 - 11:29:20 EST

SHORT:

---

Is it possible to allow only a handful of accounts the ability to ssh/scp/etc without a passwd, while FORCING all other users to require a passwd to connect?

LONG:

---

The only solution so far is to run 2 instances of SSH

1. 1 instances runs on port 22, and does not allow passwdless access
2. 1 instances runs on port 2222, and allows passwdless access (authorized_keys) , but in the sshd_config there is the line:

AllowUsers user1 user2 user3

so only users user1 user2 user3 have access to this version...

This seems less that optimal though, because we will either have to add "-p 2222" to all jobs that currently use SSH, or add a ~.ssh/config in all the homes of the accounts that need to default to the instances running on port 2222...

There also is the option of using an ssh-agent, but this seems no good because it requires manual input at times...

I have looked through the man pages, and searched this list via the web interface, but I have not been able to find the holy grail...

Is there any directive in sshd that specifies something like

AllowAuthorizedKeys user1 user2 user3

TIA!                                         -alex

---

Name : Alexander N. Spitzer
Web : http://www.spitzer.org Received on Mon Dec 16 12:28:35 2002