I have a dedicated system account named "git" that is managed by gitlab/gitolite. Users connecting to this account always use SSH keys; the "git" user doesn't have a password. If users connect without an SSH key or with a misconfigured key, they get confused by being asked for a password. I'm looking for a way to set up the server so that in such a case it doesn't ask for a password and instead displays some kind of user-friendly message ("Your key is missing or invalid" etc.) and drops the connection. Is it possible, either in the sshd configuration or in some other way (PAM perhaps)?
Note that I'm not asking how to set up public/private password-less connections, just how to prevent the server from asking for a password for a single specific user.
(I understand that such a setup reveals to a potential attacker that the user "git" exists in the system. But since "git" has no password and an attacker can easily determine its existence anyway, I consider it only a low risk.)
You can disable password logins for that specific user. You can't provide a specific message, but at least they won't be prompted for a password. Add the following in /etc/ssh/sshd_config:
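A check to run after a change of this kind, as an added example that is not part of the original answer: it reads the effective per-user settings that `sshd -T` prints and reports any method that would still produce a password prompt. The Match block in the comments is an assumed form of the change, `prompting_methods` is a hypothetical helper name, and the sample outputs are constructed.

```shell
#!/bin/sh
# Assumed form of the change (an assumption; not taken from the answer):
#   Match User git
#       PasswordAuthentication no
#       KbdInteractiveAuthentication no  # PAM can otherwise still ask "Password:"
# Effective settings for that user, printed on the server by:
#   sshd -T -C user=git,host=localhost,addr=127.0.0.1

# prompting_methods (hypothetical helper): reads `sshd -T` output on stdin,
# prints the password-style methods still enabled, and returns 0 only when
# none are enabled and public-key authentication is on.
prompting_methods() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" && val == "yes" { bad = bad " password" }
        # Older OpenSSH releases report the same method under the second name.
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && val == "yes" && !kbd {
            bad = bad " keyboard-interactive"; kbd = 1
        }
        key == "pubkeyauthentication" && val == "yes" { pk = 1 }
        END {
            if (!pk) bad = bad " pubkey-disabled"
            sub(/^ /, "", bad)
            print bad
            exit (bad == "" ? 0 : 1)
        }'
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_BEFORE='passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes'
SAMPLE_AFTER='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_BEFORE" | prompting_methods || echo "git can still be prompted"
printf '%s\n' "$SAMPLE_AFTER" | prompting_methods && echo "git is key-only"
```

On a live server, pipe the `sshd -T -C ...` command from the comment into `prompting_methods` as root, and validate the file with `sshd -t` before reloading the daemon.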