David Leadbeater writes:

Any decent guide on configuring SSH will tell you to turn off password authentication but the pain with this is you need keys setup everywhere. Fortunately OpenSSH lets you set configuration based on the connecting IP address; add something like this to /etc/ssh/sshd_config

PasswordAuthentication no
    Match Address 192.168.*
        PasswordAuthentication yes

This allows me to use passwords from internal connections (i.e. from, and all other source addresses need an SSH key. Nice to know, though I prefer to force SSH key authentication on all connections.

Flattr this
Linux, Security, MacOSX, CLI, and SSH :: 25 Jan 2011 :: e-mail


blog comments powered by Disqus