sshd not allowing a subgroup to authenticate according to it's authentication method
Hello, I'm running sshd on FreeBSD 12.1. I'm having an issue, I want users in a group sftpusers to be able to be logged in via password and to be chrooted to their home directories. Everytime I try to log in I'm getting no supported authenticationmethods publickey. From the man page I thought that a group definition overrode a global configuration setting. Here's a config snipet: # Authentication: AuthenticationMethods publickey #StrictModes yes #PubkeyAuthentication yes #PasswordAuthentication no #PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM no AllowAgentForwarding no AllowTcpForwarding no #GatewayPorts no #ChrootDirectory none Subsystem sftp internal-sftp # Set up groups for different types of logins AllowGroups sshusers sftpusers Match Group sshusers PubkeyAuthentication yes PasswordAuthentication no X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no PermitTunnel no Match Group sftpusers ChrootDirectory /home/%u ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no PermitTunnel no PermitTTY no PasswordAuthentication yes Suggestions welcome. Thanks. Dave.
You're allowing only public-key authentication with AuthenticationMethods publickey but later you try to enable password authentication, which you aren't allowing as an authentication method. I'm wondering whether that might be a problem. -----Original Message----- From: David Mehler <dave.mehler@gmail.com> Sent: Tuesday, March 24, 2020 9:53 PM To: blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] sshd not allowing a subgroup to authenticate according to it's authentication method Hello, I'm running sshd on FreeBSD 12.1. I'm having an issue, I want users in a group sftpusers to be able to be logged in via password and to be chrooted to their home directories. Everytime I try to log in I'm getting no supported authenticationmethods publickey. From the man page I thought that a group definition overrode a global configuration setting. Here's a config snipet: # Authentication: AuthenticationMethods publickey #StrictModes yes #PubkeyAuthentication yes #PasswordAuthentication no #PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM no AllowAgentForwarding no AllowTcpForwarding no #GatewayPorts no #ChrootDirectory none Subsystem sftp internal-sftp # Set up groups for different types of logins AllowGroups sshusers sftpusers Match Group sshusers PubkeyAuthentication yes PasswordAuthentication no X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no PermitTunnel no Match Group sftpusers ChrootDirectory /home/%u ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no AllowAgentForwarding no PermitTunnel no PermitTTY no PasswordAuthentication yes Suggestions welcome. Thanks. Dave. _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
participants (2)
-
David Mehler -
Jason White