Home / server / Questions / 263677
Accepted
senorsmile
Asked: 2011-04-27 13:35:13 +0800 CST

How to set up SSH passwordless key authentication for remote access only, allowing local users to use passwords

  • 772

I am trying to get an SSH server running Ubuntu 10.04 to allow password logons only when coming from the local network. For all other users, especially those logging in from the internet via the firewall, I want to force Key based authentication. I googled around and found the following.

Here's what I have changed in /etc/ssh/sshd_config:

PasswordAuthentication yes
Match Address 192.168.5.0/24
PasswordAuthentication yes

With that, I log in from another machine that has a 192.168.5. address, but it won't allow me in for lack of a publicKey: Permission denied (publickey).

ubuntu authentication ssh public-key

2 Answers

  1. Best Answer

    This should do the trick:

    PubkeyAuthentication yes
PasswordAuthentication no
Match Address 192.168.5.* PasswordAuthentication yes

    The first two lines will enable pubkey authentication by default. The last line will override the other two lines for the matched network (192.168.5.0/24).

    • 9

  2. The newline after the match condition is significant. This should work:

    PasswordAuthentication no
Match Address 192.168.5.0/24
PasswordAuthentication yes

    EDIT: I'm surprised the other answer worked! It didn't work for me. Well, this way you should be able to use a CIDR netmask.

    • 2