16 hours ago
I'd like to allow SSH password authentication from only a certain subnet. I see the option to disallow it globally in /etc/ssh/sshd_config:
# Change to no to disable tunnelled clear text passwords
Is there a way to apply this configuration to a select range of IP addresses?
32 hours ago
Use a Match block at the end of /etc/ssh/sshd_config:
# Global settings
# Settings that override the global settings for matching IP addresses only
Match address 192.0.2.0/24
Then tell the sshd service to reload its configuration:
service ssh reload
23 hours ago
you can add:
AllowUsers [email protected]*.*, [email protected]*.*
this changes default behaviour, really deny all other users from all hosts.
Match block available on OpenSsh version 5.1 and above.