SSH Password Login From Specific IP Ranges

By | 2011/03/16

Want to require ssh keys from remote sources, but then allow ssh passwords from your local home network?

It is easy to make this specific configuration or alter as desired for your server. I’ll show you how!


1. Edit the sshd_config file

sudo nano /etc/ssh/sshd_config

In this file, edit the existing line PasswordAuthentication to ‘no’ so it reads as so:

PasswordAuthentication no

(This serves as the global setting for ssh.)

2. Now to make a custom setting for a specific ip range, put this at the very bottom of your /etc/ssh/sshd_config file:

Match Address 192.168.0.0/16,172.16.0.0/16,10.0.0.0/8
PasswordAuthentication yes

(It is critical that this be the very end of your config file as any options written below this line will be applied to this custom ip range.)

The above example will include most home network ip ranges, though of course edit as needed.

3. Save your file, then restart ssh.

sudo /etc/init.d/ssh restart

Done!