From 3260950712e5c12de51c75e65a55f0872db7ca3e Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Tue, 2 Feb 2021 13:06:04 +0200
Subject: [PATCH] sshd/anoncvs.conf: vcs users shouldn't ever be asked for a
 password

even if the system would allow that.
---
 etc/ssh/sshd_config.d/anoncvs.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/ssh/sshd_config.d/anoncvs.conf b/etc/ssh/sshd_config.d/anoncvs.conf
index 98f2c624..be68f108 100644
--- a/etc/ssh/sshd_config.d/anoncvs.conf
+++ b/etc/ssh/sshd_config.d/anoncvs.conf
@@ -1,6 +1,8 @@
 # Version Control System accounts musn't have X11Forwarding, TCP Forwarding
 # or TTY. The anoncvs is usually a comment in stock sshd_config
 Match User anoncvs,git,gitea
+	PasswordAuthentication no
+	AuthenticationMethods publickey
 	X11Forwarding no
 	AllowTcpForwarding no
 	PermitTTY no