I would like to disable password login for a user. But instead of the error message (Public key) I would not like the user notice that the password login is disabled and prompting him for password.
So far I know I can disable password login for all users except one with
PasswordAuthentication no
Match User toto
PasswordAuthentication yes
But attempting to login as 'not_toto' will result an error message from the server, which I do not wish.
Do I need to modify openssh sources to do that? Or is there a configuration option which can do the job?
Edit:
Having two ssh servers running is an option, so killing connections with iptables or via another method (outside ssh configuration) could do it.
Edit 2:
I want to do this as I need two ssh instances, one in the official door to get in and the other is a honeypot. So the bots will give their password but never letting them in. (nb: this is a personal project I am the only one using the server and not logging colleagues passwords nor other nasty things, I just want to make some stats on bots)
The 'honeypot' server will be listening to port 22 and the 'official' server to another one, for example 344.
The first ssh server (say official) is OpenSSH_7.4p1 Debian-10+deb9u1, OpenSSL 1.0.2l 25 May 2017, installed with Debian packages.
The 'honeypot' is a modified version of Openssh-7.4p1 that logs username and passwords from login attempts.
Actually PAM should be enabled on this one but I will double check it. Maybe your option symcbean may be the right one.