How can i allow password ssh logins only from the local network

GiannisD · September 1, 2022, 6:05pm

I have a local ssh server that runs on diet pi on the raspberry pi 0 (first server) that i will use as a reverse ssh proxy so i can access my second server that is behind a nat network.

i have openssh installed on both severs

I set the second server to connect automaticly and foward some of his ports to the first server. The connection is authenticated by an rsa key

The first server will have the ssh port open so for max security i want to disable password logins from the public network and only make password logins from the local network (in case something goes wrong)

i allready tried adding this lines
PasswordAuthentication no

Match Address 192.168.1.*
PasswordAuthentication yes

but it still asks for a password when connecting from a public network like mobile data

trendy · September 2, 2022, 6:52am

Create a second instance of the sshd with different settings for the internal network.

dpsguard · September 3, 2022, 11:08pm

Did you try adding a Match all in the end?

PasswordAuthentication no
Match Address 192.168.1.0/24
PasswordAuthentication yes
Match all

dpsguard · September 7, 2022, 3:22pm

@Joulinar, when you get chance, can you please move this to discussions for better response. This is a troubleshooting, support related post that seems to be created by OP by mistake under Community Tutorials.

Joulinar · September 7, 2022, 7:21pm

I see @Jappe already did

GiannisD · September 7, 2022, 9:33pm

AuthenticationMethods publickey
Match Address 192.168.1.0/24,10.133.79.0/24
AuthenticationMethods publickey password

this is how it worked for me after playing around with it for hours .The second IP address is my VPN server

don’t put spaces when typing more than one IP address if you save and reboot you won’t have access through ssh