Question

193

How can I allow SSH password authentication from only certain IP addresses?

rated 0 times [ 193] [ 0] / answers: 1 / hits: 235959 / 2 Years ago, fri, january 21, 2022, 5:11:01

I'd like to allow SSH password authentication from only a certain subnet. I see the option to disallow it globally in /etc/ssh/sshd_config:

# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes

Is there a way to apply this configuration to a select range of IP addresses?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

rialhirt

Add To Favorites

Follow

Total Points: 422

Total Questions: 113

Total Answers: 120

Location: France

Member since Sun, May 15, 2022

2 Years ago

rialhirt questions

1 Creating tar files without including the directories

Mon, May 24, 21, 18:24, 3 Years ago

1 Is it secure that Linux have default users?

Tue, May 10, 22, 21:43, 2 Years ago

1 How to install MEGAsync client on ubuntu 22.04

Thu, Feb 16, 23, 16:32, 1 Year ago

1 curl: (77) error setting certificate verify locations (Ubuntu 20.04.3 LTS)

Tue, Jul 12, 22, 20:51, 2 Years ago

1 How can I open LibreOffice .dat files?

Mon, Jun 13, 22, 03:02, 2 Years ago

View All

answered 2 Years ago rontablis · Accepted Answer

Use a Match block at the end of /etc/ssh/sshd_config:

# Global settings

…

PasswordAuthentication no

…



# Settings that override the global settings for matching IP addresses only

Match address 192.0.2.0/24

    PasswordAuthentication yes

Then tell the sshd service to reload its configuration:

service ssh reload