2

Assume UserA is allowed to log in by SSH to a server from public networks as well as from within private ones.

Is there any option to restrict password-enabled logins to the private networks while enforcing public key authentication for the rest of the world?

What I have so far in my config

AllowUsers [email protected] [email protected] usera 

How can I enable usera to log in from [email protected]/24 by public key or password, and enforce public key login for usera from any other network?

Does something similar to the following work? What is the exact notation syntax?

    # no password login from the public
    PasswordAuthentication no
    ChallengeResponseAuthentication no

    # allow password login from private network
    Match Users [email protected]/24 [email protected]/24
        PasswordAuthentication yes

Thanks for any enlightenment.

PS: Reason for this setup is to enable password-login from within the internal network as a measure of last resort if anything else fails.

1 Answer

2

Your configuration is close. I think what you want is

    PubkeyAuthentication yes
    PasswordAuthentication yes
    AuthenticationMethods publickey

    Match Address 10.0.0.0/24
        AuthenticationMethods publickey password

You can find the details in man sshd_config.
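
The following is an added illustration, not code from the answer or from OpenSSH: a small model of how sshd resolves the configuration above for a given client address. It assumes only `Match Address` with comma-separated CIDR entries; the function names and the client addresses used with it are made up for the example.

```python
import ipaddress

# The answer's configuration, copied from the page.
CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey
Match Address 10.0.0.0/24
    AuthenticationMethods publickey password
"""

def effective(config, client_ip):
    """Return the keyword -> value map that applies to client_ip.

    Simplified model: only 'Match Address' with CIDR entries is
    understood (no wildcards, negation or other Match criteria).
    """
    addr = ipaddress.ip_address(client_ip)
    global_opts, match_opts = {}, {}
    target, active = global_opts, True
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit, _, patterns = value.partition(" ")
            if crit.lower() != "address":
                raise ValueError("only 'Match Address' is modelled")
            nets = [ipaddress.ip_network(p) for p in patterns.strip().split(",")]
            target, active = match_opts, any(addr in n for n in nets)
        elif active:
            # The first obtained value wins, globally and across Match blocks.
            target.setdefault(key, value)
    # Values from satisfied Match blocks override the global section.
    return {**global_opts, **match_opts}

def accepted_methods(config, client_ip):
    """Space separates alternatives; commas join methods that are all required."""
    value = effective(config, client_ip).get("authenticationmethods", "any")
    return [alt.split(",") for alt in value.split()]

def password_alone_suffices(config, client_ip):
    """True if a password by itself completes authentication for client_ip."""
    opts = effective(config, client_ip)
    methods = accepted_methods(config, client_ip)
    return (opts.get("passwordauthentication", "yes") == "yes"
            and (methods == [["any"]] or ["password"] in methods))
```

On a real server, `sshd -T -C user=usera,addr=10.0.0.5` prints the effective settings for that connection, which is the authoritative check. Writing `publickey,password` with a comma instead of a space would require both methods rather than either one.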
