# SSH pub/priv key + PAM

## remix

Hi,

I'm using pub/priv key authentication for ssh access

Is there a way to allow only one user to use PAM keyboard-interactive authentication?

the purpose is for a semi-public anonymous dropbox for clients to upload assets to a secure server (multiple clients share one common username password)

thanks.

----------

## Bartek Majka

According to http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html, "account" module type allows to implement this rule.

----------

## remix

thanks for the link. some of those descriptions are in man pam

can you help me understand how to set up my default gentoo install so that i can set a specific user to allow ssh access using username/password authentication, (and disallow for all others) ?

thanks

----------

## Bartek Majka

Just add 

```

DenyUsers *

AllowUsers user1 user2 user3

```

to /etc/ssh/sshd_config file if you want to allow access only to user1, user2 and user3 users.

```
man sshd_config
```

will give you more information.

----------

## remix

 *Bartek Majka wrote:*   

> Just add 
> 
> ```
> 
> DenyUsers *
> ...

 

i already have this to allow only certain users to login using ssh keys.

i want to only allow one user to be able to login with a password.

----------

## Rexilion

You guys were so close, I assume that with PAM you mean regular password authentication:

```
PasswordAuthentication no # disable for everyone

Match user guest

PasswordAuthentication yes # one exception, just for user guest
```

If you meant some other authorization method, then the method is the same.

Is this what you were looking for?

----------

