Enable password login for SFTP while keeping authentication by SSH keys

From what I gather you want to permit passwords from some users, but not others?
You could set up a Match block. So your config might look something like below.

...
PasswordAuthentication no
...
Match user drupalsftp
    PasswordAuthentication yes

Since you mentioned these password-based transactions are happening from Drupal, perhaps you could whitelist based on the host address?

Match address 127.0.0.1/32

You should even be able to combine the criteria, and say only a specific account from a specific address can do password authentication.

PasswordAuthentication no
...
Match user drupalsftp address 10.1.2.3/32
    PasswordAuthentication yes
    # also since we want only sftp
    ForceCommand internal-sftp

Links

  • https://www.freebsd.org/cgi/man.cgi?sshd_config(5) - See the 'Match' section
  • https://www.freebsd.org/cgi/man.cgi?ssh_config(5) - See the 'patterns' section
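
Added example (not part of the answer above, and not OpenSSH's own code): a simplified model of how a global keyword and a Match block resolve for one connection, run against the combined-criteria config from the answer. It assumes only the User and Address criteria with `*`/`?` wildcards and CIDR lists (no negation), and the function names are hypothetical; the authoritative check on a real server is `sshd -T -C user=drupalsftp,addr=10.1.2.3`.

```python
import fnmatch
import ipaddress

# Constructed sample: the combined-criteria config from the answer above.
SAMPLE_CONFIG = """\
PasswordAuthentication no
Match user drupalsftp address 10.1.2.3/32
    PasswordAuthentication yes
    # also since we want only sftp
    ForceCommand internal-sftp
"""

def _addr_in(addr, spec):
    # A bare address is treated as a single-host network.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _block_applies(criteria, user, addr):
    """criteria: tokens after 'Match', e.g. ['user', 'drupalsftp', 'address', '10.1.2.3/32']."""
    if [c.lower() for c in criteria] == ["all"]:
        return True
    tests = {
        "user": lambda pats: any(fnmatch.fnmatchcase(user, p) for p in pats),
        "address": lambda pats: any(_addr_in(addr, p) for p in pats),
    }
    for key, value in zip(criteria[0::2], criteria[1::2]):
        test = tests.get(key.lower())
        # Criteria this model does not know (Group, Host, ...) fail closed.
        if test is None or not test(value.split(",")):
            return False
    return len(criteria) >= 2

def effective_settings(config_text, user, addr):
    """Resolve keywords for one connection: first satisfied Match wins, else global."""
    global_opts, match_opts, in_match, active = {}, {}, False, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1) + [""]
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            in_match, active = True, _block_applies(value.split(), user, addr)
        elif not in_match:
            global_opts.setdefault(keyword, value)
        elif active:
            match_opts.setdefault(keyword, value)
    return {**global_opts, **match_opts}
```

Comparing the result for the intended user and address against any other user or address shows whether password login stays off everywhere except the one exception, and whether ForceCommand is applied only inside that exception.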