How to allow ssh to root user only from the local network?
Solution 1:
Use the Match config parameter in /etc/ssh/sshd_config:
# general config
PermitRootLogin no
# the following overrides the general config when conditions are met.
Match Address 192.168.0.*
PermitRootLogin yes
See man sshd_config
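To confirm that a Match block like the one in Solution 1 behaves as intended, sshd can report the effective PermitRootLogin value for a given client address. The following is an added example, not part of the original answers; the sshd path, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: ask sshd which PermitRootLogin value applies per client address.
# Assumptions: sshd is at /usr/sbin/sshd (override with SSHD=...), the config
# is /etc/ssh/sshd_config (override with SSHD_CONFIG=...), and the script runs
# as root so that sshd can read its host keys.
SSHD=${SSHD:-/usr/sbin/sshd}
SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}

# Print the PermitRootLogin value sshd would apply to root connecting from $1.
# -T dumps the effective configuration; -C evaluates Match blocks against the
# given connection parameters.
effective_root_login() {
    "$SSHD" -T -f "$SSHD_CONFIG" -C "user=root,addr=$1" |
        awk '$1 == "permitrootlogin" { print $2; found = 1 } END { exit !found }'
}

# expect_root_login ADDR VALUE: succeed only if the effective value is VALUE.
expect_root_login() {
    actual=$(effective_root_login "$1") || {
        echo "FAIL $1: no permitrootlogin line from sshd" >&2
        return 2
    }
    if [ "$actual" = "$2" ]; then
        echo "ok   $1 -> PermitRootLogin $actual"
    else
        echo "FAIL $1 -> PermitRootLogin $actual (expected $2)" >&2
        return 1
    fi
}

# audit_root_policy INSIDE_ADDR OUTSIDE_ADDR
# Root must be permitted from the local address and refused from the other.
audit_root_policy() {
    rc=0
    expect_root_login "$1" yes || rc=1
    expect_root_login "$2" no || rc=1
    return $rc
}

# Usage (constructed addresses: one inside 192.168.0.*, one outside):
#   audit_root_policy 192.168.0.10 203.0.113.5
```

Run it after every edit to sshd_config and before reloading sshd; a non-zero exit status means the Match block does not produce the intended policy.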
Solution 2:
The Match address method was already mentioned, but you can also restrict the users (or groups) that are allowed to log in to a system. For instance, to limit logins to the user itai (from anywhere) and root (from a specific network), use:
AllowUsers itai [email protected].*
This prevents all other users (like apache) from logging in through SSH.
See also the AllowUsers keyword in the sshd_config(5) manual.