How to allow ssh to root user only from the local network?

Solution 1:

Use the Match config parameter in /etc/ssh/sshd_config:

# general config
PermitRootLogin no

# the following overrides the general config when conditions are met.
Match Address 192.168.0.*
    PermitRootLogin yes

See man sshd_config
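
Added example, not part of the original answers: a simplified Python model of how the configuration above resolves PermitRootLogin for a given source address, useful for checking a Match Address pattern before reloading sshd. The function names and sample addresses are constructed for illustration; only Match Address and Match all are modelled.

```python
import ipaddress
import re

# Constructed sample: the configuration from Solution 1.
SAMPLE = """
PermitRootLogin no
Match Address 192.168.0.*
    PermitRootLogin yes
"""

def address_matches(addr, pattern_list):
    """Pattern-list match: '*'/'?' wildcards, CIDR, '!' negation."""
    ip = ipaddress.ip_address(addr)
    matched = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        pat = pat[1:] if negated else pat
        if "/" in pat:
            # Raises ValueError on a malformed CIDR entry.
            hit = ip in ipaddress.ip_network(pat)
        else:
            rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
            hit = re.fullmatch(rx, addr) is not None
        if hit and negated:
            return False          # a negated hit vetoes the whole list
        matched = matched or hit
    return matched

def effective_setting(config_text, keyword, addr):
    """Value of `keyword` for a connection from `addr`, or None if unset."""
    keyword = keyword.lower()
    global_val, match_val, in_match, active = None, None, False, True
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            in_match = True
            if [a.lower() for a in args] == ["all"]:
                active = True
            elif len(args) == 2 and args[0].lower() == "address":
                active = address_matches(addr, args[1])
            else:
                raise ValueError("unsupported Match criteria: " + raw.strip())
        elif key == keyword and active and args:
            if in_match and match_val is None:
                match_val = args[0]      # first matching block wins
            elif not in_match and global_val is None:
                global_val = args[0]     # first global value wins
    return match_val if match_val is not None else global_val
```

On a live host, sshd's own extended test mode reports the real effective value, for example `sshd -T -C user=root,host=client.example,addr=192.168.0.25` (the host name and address here are placeholders).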

Solution 2:

The Match Address method was already mentioned, but you can also restrict the users (or groups) that are allowed to log in to a system. For instance, to limit logins to the user itai (from anywhere) and root (from a specific network), use:

AllowUsers itai [email protected].*

This prevents all other users (like apache) from logging in through SSH.

See also the AllowUsers keyword in the sshd_config(5) manual.
