# Authentication with SSH keys



## dennylin93 (Jul 30, 2009)

I just set up authentication with SSH keys, and I encountered the following problem.

I added this in /etc/ssh/sshd_config:

```
Match User dennylin93
        UsePAM no
```

When I restarted sshd, this error popped up:

```
/etc/ssh/sshd_config line 128: Directive 'UsePAM' is not allowed within a Match block
```

Is it possible to specify some users to use SSH keys while the others use PAM authentication?


----------



## SirDice (Jul 30, 2009)

Put a random password on the accounts that are only allowed to use ssh keys.


----------



## dennylin93 (Jul 30, 2009)

I'd still like to keep the existing passwords on those accounts that use SSH keys though, since they're the ones that use `$ sudo su` to obtain root privileges.


----------



## SirDice (Jul 30, 2009)

dennylin93 said:
			
		

> I'd still like to keep the existing passwords on those accounts that use SSH keys though, since they're the ones that use `$ sudo su` to obtain root privileges.


That would make random passwords somewhat inconvenient indeed :e

You could try doing it the other way around.

Set UsePAM to no by default and use something like

```
Match Group "!myadmins, users"
 PasswordAuthentication on
```

Unless you really need to use PAM..


----------

