SSH Password Login From Specific IP Ranges

By | 2011/03/16

Want to require ssh keys from remote sources, but then allow ssh passwords from your local home network?

It is easy to make this specific configuration or alter as desired for your server. I’ll show you how!


1. Edit the sshd_config file

sudo nano /etc/ssh/sshd_config

In this file, edit the existing line PasswordAuthentication to ‘no’ so it reads as so:

PasswordAuthentication no

(This serves as the global setting for ssh.)

2. Now to make a custom setting for a specific ip range, put this at the very bottom of your /etc/ssh/sshd_config file:

Match Address 192.168.0.0/16,172.16.0.0/16,10.0.0.0/8
PasswordAuthentication yes

(It is critical that this be the very end of your config file as any options written below this line will be applied to this custom ip range.)

The above example will include most home network ip ranges, though of course edit as needed.

3. Save your file, then restart ssh.

sudo /etc/init.d/ssh restart

Done!

One thought on “SSH Password Login From Specific IP Ranges

  1. Georgie

    Looks handy but just to note, you need OpenSSH V5 or later to have this feature. I’m on OpenSSH_3.9p1 and I got this error: /etc/ssh/sshd_config: terminating, 1 bad configuration options

    Couldn’t be bothered upgrading, I’ll just use IP Tables.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.