Ping a Specific Port

Question

Dr NYU

Asked: 2016-10-05 12:04:21 +0800 CST2016-10-05 12:04:21 +0800 CST 2016-10-05 12:04:21 +0800 CST

Enable password login for SFTP while keeping authentication by SSH keys

772

How do I keep a password login enabled for SFTP transactions (made by Drupal, if this is important) while keeping it disabled for all other SSH key based authentications? Currently all the existing users of the CentOS server use keys to log in and /etc/ssh/sshd_config has PasswordAuthentication no)?

3 Answers

Voted

Zoredache · Answer 1 · 2016-10-05T13:24:59+08:00

Best Answer

Zoredache

2016-10-05T13:24:59+08:002016-10-05T13:24:59+08:00

From what I gather you want to permit passwords from some users, but not others?
You could setup a Match block. So your config might look something like below.

...
PasswordAuthentication no
...
Match user drupalsftp
    PasswordAuthentication yes

Since you mentioned these password-based transactions are happening from drupal, perhaps you could whitelist based on the host address? Match address 127.0.0.1/32

You should even be able to combine the criteria, and say only a specific account from a specific address can do password authentication.

PasswordAuthentication no
...
Match user drupalsftp address 10.1.2.3/32
    PasswordAuthentication yes
    # also since we want only sftp
    ForceCommand internal-sftp

Links

https://www.freebsd.org/cgi/man.cgi?sshd_config(5) - See the 'Match' section
https://www.freebsd.org/cgi/man.cgi?ssh_config(5) - See the 'patterns' section

14

Jakuje · Answer 2 · 2016-10-05T12:06:49+08:00

Jakuje

2016-10-05T12:06:49+08:002016-10-05T12:06:49+08:00

The SFTP is just a specific case of SSH session. Password login is enabled by default, if you have PasswordAuthentication yes or ChallengeResponseAuthentication yes in your /etc/ssh/sshd_config. Allowing password authentication does not block the key based authentication.

0

Mike Yang · Answer 3 · 2018-12-09T00:27:39+08:00

Mike Yang

2018-12-09T00:27:39+08:002018-12-09T00:27:39+08:00

Head over to the file /etc/ssh/sshd_config, and change the following line :

PasswordAuthentication yes

Then restart sshd :

sudo service ssh restart

0

Enable password login for SFTP while keeping authentication by SSH keys

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?