I would like to restrict external SSH logins to specific users and allow intranet logins (192.168.0.0/24) to all users. I would appreciate a complete example file for this scenario.
2
- note that 192.168.0.0/8 is _not_ a valid private IP class, it should be a B or C class, /8 means a C class (192.x.x.x) – drAlberT Sep 04 '09 at 11:14
- @AlberT: A /8 was equivalent to a class A, not a class C -- but for the sake of all that's holy, STOP USING CLASSFUL NOTATION. It's not helpful. – womble Sep 04 '09 at 11:39
3 Answers
3
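Although not tested, you should be able to use something akin to:

```
# Clients outside 192.168.0.0/24 may log in only as the listed users.
# "DenyUsers *" is left out: sshd checks DenyUsers before AllowUsers,
# so it would reject every user matched by this block.
Match Address *,!192.168.0.0/24
    AllowUsers user1 user2 user3
```

This would go into your `sshd_config` file.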
Dan Carley
2
Thank you for your answers. I have also found the following sshd_config syntax at http://ubuntuforums.org/showthread.php?t=523477 :
```
AllowUsers john
AllowUsers *@192.168.0.*
```
agsamek
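As an added example (not part of the answer above and not OpenSSH code), this Python sketch models how sshd evaluates `AllowUsers` and `DenyUsers` patterns, so the effect of the two `AllowUsers` lines can be checked against sample logins. The function names and the sample attempts are constructed for illustration, and the HOST part of a pattern is compared with the client IP address only.

```python
"""Simplified model of sshd's AllowUsers/DenyUsers decision (illustration only)."""
import fnmatch
import ipaddress


def pattern_matches(pattern, user, addr):
    """Match one USER or USER@HOST pattern against a login attempt."""
    user_pat, _, host_pat = pattern.partition("@")
    if not fnmatch.fnmatchcase(user, user_pat):
        return False
    if not host_pat:                       # bare USER pattern: any source address
        return True
    if "/" in host_pat:                    # HOST given as CIDR address/masklen
        return ipaddress.ip_address(addr) in ipaddress.ip_network(host_pat)
    return fnmatch.fnmatchcase(addr, host_pat)   # wildcard form, e.g. 192.168.0.*


def login_permitted(user, addr, allow_users=(), deny_users=()):
    """DenyUsers is evaluated before AllowUsers; a non-empty AllowUsers
    list then rejects every user that matches none of its patterns."""
    if any(pattern_matches(p, user, addr) for p in deny_users):
        return False
    if allow_users:
        return any(pattern_matches(p, user, addr) for p in allow_users)
    return True


# The two AllowUsers lines from the answer above, merged into one list.
ANSWER_RULES = ["john", "*@192.168.0.*"]
# Constructed sample attempts (user, client address); 203.0.113.0/24 is a documentation range.
ATTEMPTS = [("john", "203.0.113.7"), ("mary", "203.0.113.7"),
            ("mary", "192.168.0.42"), ("mary", "192.168.1.42")]


def evaluate(allow_users, deny_users=()):
    """Return {(user, addr): permitted} for every constructed attempt."""
    return {a: login_permitted(*a, allow_users, deny_users) for a in ATTEMPTS}


if __name__ == "__main__":
    for (user, addr), ok in evaluate(ANSWER_RULES).items():
        print(f"{user:5} from {addr:13} -> {'allow' if ok else 'deny'}")
    # A "DenyUsers *" next to the allow list locks every user out.
    print(evaluate(ANSWER_RULES, deny_users=["*"]))
```

On a real server, `sshd -t` checks the edited file for syntax errors before the daemon is reloaded.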
0
Use host or public key authentication on the local LAN and then password authentication.
Then configure known hosts or known_keys for every PC in your intranet.
drAlberT