[ssh_x509] UsePAM sshd_config

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Aug 11 23:18:14 EEST 2017

ssh_x509 at roumenpetrov.info wrote:
> Looks like UsePAM cannot be used in a Match block.
Yes . Allowed keywords in Match are documented in sshd_config(5)

> I currently have machine accounts and user accounts. Machine accounts use
> SSH keys whereas user accounts use X.509:
> Here is an abbreviated sshd_config file:
> ...
> PubkeyAlgorithms x509v3-sign-rsa
> ...
> UsePAM no
> ...
> Match Group *,!users
>    PubkeyAlgorithms ssh-rsa,rsa-sha2-256
> Is there another way to create new /home directories without setting UsePAM
> yes?
There is pam module that do this.

According to my knowledge NIS/NIS+ could mount pre-existing home 
directories. NIS does not create them.

Perhaps pam module is the only valuable solution.


Secure shell with X.509 certificate support

More information about the ssh_x509 mailing list