David Leadbeater writes:
Any decent guide on configuring SSH will tell you to turn off password authentication but the pain with this is you need keys setup everywhere. Fortunately OpenSSH lets you set configuration based on the connecting IP address; add something like this to /etc/ssh/sshd_config
PasswordAuthentication no Match Address 192.168.* PasswordAuthentication yes
This allows me to use passwords from internal connections (i.e. from
192.168.0.0/16), and all other source addresses need an SSH key. Nice to
know, though I prefer to force SSH key authentication on all connections.