David Leadbeater writes:

Any decent guide on configuring SSH will tell you to turn off password authentication but the pain with this is you need keys setup everywhere. Fortunately OpenSSH lets you set configuration based on the connecting IP address; add something like this to /etc/ssh/sshd_config

    PasswordAuthentication no
    Match Address 192.168.*
        PasswordAuthentication yes

This allows me to use passwords from internal connections (i.e. from, and all other source addresses need an SSH key. Nice to know, though I prefer to force SSH key authentication on all connections.

Linux, Security, MacOSX, CLI, and SSH :: 25 Jan 2011 :: e-mail