Want to require ssh keys from remote sources, but then allow ssh passwords from your local home network?
It is easy to make this specific configuration or alter as desired for your server. I’ll show you how!
1. Edit the sshd_config file
sudo nano /etc/ssh/sshd_config
In this file, edit the existing line PasswordAuthentication to ‘no’ so it reads as so:
PasswordAuthentication no
(This serves as the global setting for ssh.)
2. Now to make a custom setting for a specific ip range, put this at the very bottom of your /etc/ssh/sshd_config file:
Match Address 192.168.0.0/16,172.16.0.0/16,10.0.0.0/8 PasswordAuthentication yes
(It is critical that this be the very end of your config file as any options written below this line will be applied to this custom ip range.)
The above example will include most home network ip ranges, though of course edit as needed.
3. Save your file, then restart ssh.
sudo /etc/init.d/ssh restart
Done!
Twitter: georgiecasey
Looks handy but just to note, you need OpenSSH V5 or later to have this feature. I’m on OpenSSH_3.9p1 and I got this error: /etc/ssh/sshd_config: terminating, 1 bad configuration options
Couldn’t be bothered upgrading, I’ll just use IP Tables.