How can I allow SSH password authentication from only certain IP addresses?


Answer: 1

16 hours ago

I'd like to allow SSH password authentication from only a certain subnet. I see the option to disallow it globally in /etc/ssh/sshd_config:

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

Is there a way to apply this configuration to a select range of IP addresses?

Added by: Alize Brekke

Answer: 2

32 hours ago

Use a Match block at the end of /etc/ssh/sshd_config:

# Global settings
PasswordAuthentication no

# Settings that override the global settings for matching IP addresses only
Match address
    PasswordAuthentication yes

Then tell the sshd service to reload its configuration:

service ssh reload

Answer: 3

23 hours ago

you can add:

AllowUsers [email protected]*.*, [email protected]*.*

this changes default behaviour, really deny all other users from all hosts. Match block available on OpenSsh version 5.1 and above.

Added by: Brock Zboncak

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9