LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Blocking SSH passwords *only* for remote users
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-14-2023, 04:44 PM   #1
compata
LQ Newbie
 
Registered: May 2023
Posts: 5

Rep: Reputation: 0
Blocking SSH passwords *only* for remote users

I know how to enable SSH password access and how to prohibit it and require key access instead. What isn't obvious is whether I can do both on the same system for different users.

What I want is to allow password access for anyone connecting on my LAN but require keys for anyone connecting from the world. I suppose I could do that by running two different SSH daemons (on different ports) but I wonder if there is a more straight-forward method.
 
Old 07-14-2023, 06:25 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,760

Rep: Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931Reputation: 5931
ssh has a match directive that should work.

Code:
PasswordAuthentication no
ChallengeResponseAuthentication no

Match address 192.168.1.0/24
    PasswordAuthentication yes
Match all
Change the address to match your LAN subnet.
 
2 members found this post helpful.
Old 07-14-2023, 07:50 PM   #3
compata
LQ Newbie
 
Registered: May 2023
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks, michealk. I would have been surprised if there wasn't something like that.
 
Old 07-15-2023, 12:25 AM   #4
Turbocapitalist
LQ Guru
Contributing Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,333
Blog Entries: 3

Rep: Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730
OpenSSH has some of the better reference manual pages out there. For the manual pages which are well written, it is an especially good habit to check them periodically when trying new things or revisiting an old task.

So be sure to follow up on that by reading up on the Match directive in the relevant manual page: "man sshd_config"
 
  


Reply

Tags
ssh



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to convert user passwords and group passwords using pwconv? dolceinter1 Linux - Security 2 11-04-2008 10:03 PM
updating samba passwords with system passwords paranoid times Linux - Software 3 10-03-2006 09:04 PM
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 03:15 AM
Completely uninstalling MySQL and its passwords passwords...how? I locked myself out! Baix Linux - Newbie 2 01-30-2005 04:10 PM
Is there a way to sync Samba passwords with linux user passwords MarleyGPN Linux - Networking 2 09-09-2003 10:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:23 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration