How can I allow SSH password authentication from only certain IP addresses?

Use a Match block at the end of /etc/ssh/sshd_config:

# Global settings
…
PasswordAuthentication no
…

# Settings that override the global settings for matching IP addresses only
Match address 192.0.2.0/24
    PasswordAuthentication yes

Then tell the sshd service to reload its configuration:

service ssh reload

you can add:

AllowUsers [email protected].*.*, [email protected].*.*

this changes default behaviour, really deny all other users from all hosts. Match block available on OpenSsh version 5.1 and above.

How can I allow SSH password authentication from only certain IP addresses?

Tags:

Security

Authentication

Configuration

Ssh

Password

Related

Recent Posts