Change the SSH authentication method depending on the IP address
How can I setup my SSH server so that the authentication method depends upon the client IP address?
internal network -> password login enabled
request from WAN -> only passkeys enabled
I would avoid to setup two accounts (internal/external) for each user and rewrite the configuration file accordingly.
Have a look at the man page for sshd_config. If you have a reasonably up-to-date version of OpenSSH you can use Match directives:
Match Address 192.168.0.0/24
PasswordAuthentication yesMatch Address 10.0.0.0/24
PasswordAuthentication no
But as ErikA says, just use keyauth anyway and don’t let on that you can do this 
Check more discussion of this question.
Related posts:
- Change SSH authentication method depending on IP
- How to set up SSH passwordless key authentication for remote access only, allowing local users to use passwords
- Disable ssh password authentication by user
- how to disable SSH login with password for some users?
- How can roaming user access same domain with varying IP address depending on location?
Leave a comment
Recent Posts
Tags
active-directory
amazon-ec2
apache
apache2
backup
bash
centos
cisco
command-line
debian
dns
email
exchange
firewall
iis
iis7
iptables
linux
macosx
monitoring
mysql
networking
nginx
performance
permissions
php
postfix
raid
security
sql-server
sql-server-2005
sql-server-2008
ssh
ssl
ubuntu
unix
virtualization
vpn
webserver
windows
windows-7
windows-server-2003
windows-server-2008
windows-server-2008-r2
windows-xp