{"id":2476,"date":"2019-03-29T23:55:26","date_gmt":"2019-03-29T20:55:26","guid":{"rendered":"http:\/\/kifarunix.com\/?p=2476"},"modified":"2019-03-30T09:51:11","modified_gmt":"2019-03-30T06:51:11","slug":"disable-ssh-password-login-for-specific-users-in-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/disable-ssh-password-login-for-specific-users-in-ubuntu-18-04\/","title":{"rendered":"Disable SSH Password Login for Specific Users in Ubuntu 18.04"},"content":{"rendered":"

Today, we are going to learn how to disable ssh password login for specific users in Ubuntu 18.04. In our previous guide, we learnt how to allow or deny specific users to login via SSH in Ubuntu 18.04<\/a>.<\/p>\n

Disable SSH Password Login for Specific Users in Ubuntu 18.04<\/h3>\n

If you need to disable ssh password login for specific users in Ubuntu 18.04 or any other Linux distribution system, you would use Match<\/code> directive in the sshd_config<\/code> file. When you disable password authentication for user, the user can only login using SSH public key.<\/p>\n

There are different arguments that can be passed to the Match directive. These arguments can be one or more criteria-pattern pairs or the single token, All<\/code>, which matches all criteria. The available criteria are User<\/code>, Group<\/code>, Host<\/code>, LocalAddress<\/code>, LocalPort<\/code>, and Address<\/code>. The patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators.<\/p>\n

If all of the criteria on the Match line are satisfied, the keywords on the lines that follows override those set in the global section of the config file,until either another Match line or the end of the file. If a keyword appears in multiple Match blocks that are satisfied,
\nonly the first instance of the keyword is applied.<\/p>\n

Therefore, to disable SSH password login for specific users, edit the sshd configuration file and add the lines below at the end of the configuration file.<\/p>\n

vim \/etc\/ssh\/sshd_config<\/code><\/pre>\n
...\r\nMatch   User    amos,mibey\r\n        PasswordAuthentication  no<\/code><\/pre>\n
This disables SSH password login for the specified users, amos<\/code> and mibey<\/code>. Reload ssh configuration. If you try to login as any of the user whose password authentication is disabled, you will get the error, Permission denied (publickey).<\/code>;<\/p>\n
ssh amos@192.168.0.106        \r\nPermission denied (publickey).<\/code><\/pre>\n
As stated above, wildcards (*) or negation (!) operators can be used. For example, to disable password authentication for all system users except root user, put the lines below at the end of the configuration.<\/p>\n
...\r\nMatch   User    *,!root\r\n        PasswordAuthentication  no<\/code><\/pre>\n
If you have three users, amos, mibey and root, the above line will only allow root user to login with password while denying the rest of the users.<\/p>\n
You can also use the Group argument to disable password authentication for specific group. For example, to disable the members of the group local_users whose members are amos and mibey, add the lines below to the end of configuration file;<\/p>\n
...\r\nMatch   Group   local_users\r\n        PasswordAuthentication  no<\/code><\/pre>\n
Reload SSH<\/p>\n
systemctl reload ssh<\/code><\/pre>\n
If you try to login as either of the group members, you will get permission denied.<\/p>\n
ssh mibey@192.168.0.106\r\nPermission denied (publickey).<\/code><\/pre>\n
ssh amos@192.168.0.106 \r\nPermission denied (publickey).<\/code><\/pre>\n
Wildcards or negation operators can be similarly used.<\/p>\n
That is all about how to disable SSH password login for specific users in Ubuntu 18.04. To learn more about this, check the reference below;<\/p>\n
man sshd_config<\/a><\/code><\/pre>\n
You can also check our article on how to Configure SSH Public Key Authentication in Linux<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Today, we are going to learn how to disable ssh password login for specific users in Ubuntu 18.04. In our previous guide, we learnt how<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,362,64],"tags":[367,71,67],"class_list":["post-2476","post","type-post","status-publish","format-standard","hentry","category-howtos","category-ssh","category-ubuntu-18-04","tag-match","tag-ssh","tag-ubuntu-18-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2476"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2476"}],"version-history":[{"count":5,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2476\/revisions"}],"predecessor-version":[{"id":2491,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2476\/revisions\/2491"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}