You're allowing only public-key authentication with
AuthenticationMethods publickey
but later you try to enable password authentication, which you aren't allowing as an authentication method. I'm wondering whether that might be a problem.
-----Original Message-----
From: David Mehler
Sent: Tuesday, March 24, 2020 9:53 PM
To: blind-sysadmins
Subject: [Blind-sysadmins] sshd not allowing a subgroup to authenticate according to it's authentication method
Hello,
I'm running sshd on FreeBSD 12.1. I'm having an issue, I want users in a group sftpusers to be able to be logged in via password and to be chrooted to their home directories. Everytime I try to log in I'm getting no supported authenticationmethods publickey. From the man page I thought that a group definition overrode a global configuration setting. Here's a config snipet:
# Authentication:
AuthenticationMethods publickey
#StrictModes yes
#PubkeyAuthentication yes
#PasswordAuthentication no
#PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
AllowAgentForwarding no
AllowTcpForwarding no
#GatewayPorts no
#ChrootDirectory none
Subsystem sftp internal-sftp
# Set up groups for different types of logins AllowGroups sshusers sftpusers
Match Group sshusers
PubkeyAuthentication yes
PasswordAuthentication no
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
Match Group sftpusers
ChrootDirectory /home/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
PermitTTY no
PasswordAuthentication yes
Suggestions welcome.
Thanks.
Dave.
_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
