>> My backup user needs a shell on the backup server in order to execute >> rsync and needs to be included in /etc/ssh/sshd_config AllowUsers in >> order to SSH in. My authorized_keys file is locked-down. The second >> field for the user in /etc/shadow is an exclamation point which I >> think means the user can not log in with a password. Should I take >> any additional steps to prevent that user from logging in and not >> being subject to the authorized_keys restrictions? > > What about "PasswordAuthentication no"?
Can that be set for a single user? I have a normal user who needs to log in via SSH with a password and a backup user who only needs to run rsync via SSH keys. If not, does the exclamation point in /etc/shadow prevent the user from logging in without the SSH key? - Grant