This is managed in the configuration of the SSH server.
You don't provide enough information as to what 'known in FreeIA' means in
your use case, but, assuming you mean users are FreeIPA users, by default
you would be using GSSAPI with SSH.
Assuming also there's a HBAC rule in place to allow SSH access to the host
or hostgroup in question, SSH keys would be an additional mechanism to
kerberos.
Check the sshd_config manual page for PasswordAuthentication and
AuthenticationMethods for additional information.
On Wed, May 5, 2021 at 10:46 AM Tony Brian Albers via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hiya,
I'm trying to set up a host where users can only log on using ssh keys.
But the users must be known in FreeIPA.
So, how do I go about disabling password-based logins? I only want to
allow key-based logins.
TIA
/tony
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure