restricted password access

In OpenSSH on FC4, is there a way to allow password
access to some IP addresses (these would all be local),
but require RSA from all others?  I would parse the
packets in libipq to block the password request and
response, but, of course, they are encrypted, so I
don't know how to recognize them.

Thanks for your help.

Re: restricted password access


There's a new feature ("Match") in OpenSSH 4.6 (which is newer than
what's in FC4) that allows this kind of thing.

The other way to do this with older versions is to run two copies of
sshd on different ports, one allowing password and one not, and use
firewall redirection rules to send connections from your local net to
the password-enabled one, and everything else to the password-disabled one.

It's simpler with Match; you would put something like this in sshd_config:

PasswordAuthentication no
Match Address 10.0.0.*
    PasswordAuthentication yes

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
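
An added example, not part of the original reply and not OpenSSH code: a simplified Python model of how the Match Address block above decides which clients may use passwords, useful for checking a proposed config against a list of client addresses before deploying it. The function names and sample addresses are assumptions; it goes beyond the reply's single wildcard by also handling CIDR and negated patterns, which the sshd_config manual describes for address lists.

```python
"""Simplified model of sshd_config Match Address evaluation (added example)."""
import fnmatch
import ipaddress

# Constructed sample: the configuration from the reply above.
SAMPLE_CONFIG = """\
PasswordAuthentication no
Match Address 10.0.0.*
    PasswordAuthentication yes
"""

def address_matches(pattern_list, addr):
    """Match addr against a comma-separated list of wildcard or CIDR patterns.

    A leading '!' negates a pattern; a negated hit always means no match."""
    matched = False
    for pat in pattern_list.split(","):
        pat = pat.strip()
        negate = pat.startswith("!")
        pat = pat.lstrip("!")
        if "/" in pat:
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)
        else:
            hit = fnmatch.fnmatchcase(addr, pat)
        if hit and negate:
            return False
        matched = matched or hit
    return matched

def effective_setting(config, keyword, addr):
    """Return the value of keyword that applies to a client connecting from addr."""
    global_value = match_value = None
    in_match = active = False
    for line in config.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            in_match = True
            # Only the single-criterion "Match Address <patterns>" form is modelled.
            active = (len(args) == 2 and args[0].lower() == "address"
                      and address_matches(args[1], addr))
        elif key == keyword.lower() and args:
            if not in_match and global_value is None:
                global_value = args[0]  # global section: first value wins
            elif in_match and active and match_value is None:
                match_value = args[0]  # first satisfied Match block wins
    return match_value if match_value is not None else global_value
```

On a host whose sshd has the extended test mode (`-T` with a `-C` connection specification), that gives the authoritative answer; this model only covers the Address criterion.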
