James G. Sack (jim) wrote: > Gus Wirth wrote: >> The documentation for ssh and sshd has me a bit confused about >> configuring options for multiple interfaces. >> >> I have a box with two interfaces: >> eth0 - outside, the Internet >> eth1 - inside , the office LAN, 192.168.1.* >> >> For the outside connection eth0 I only want to allow ssh logins using >> authorized keys and NOT passwords. >> >> For the inside connection I want to be able to use password logins as >> well as authorized keys. >> >> For my .ssh/config file I'm guessing I should have something like this: >> ------------ >> Host 192.168.1.* >> PasswordAuthentication yes >> >> Host * >> PasswordAuthentication no >> >> -------------------- >> >> Does this seem right? I don't want to accidentally lock myself out of >> the box before I do this :/ > > I'm not sure of the format but, a first thought is shouldn't this be a > server configuration setting, ie, in file: > /etc/ssh/sshd_config
Ah well, maybe not -- I guess I was thinking of the match conditional-block, but docs say that can only control a limited set of override parms. If you wanted it to be a server policy rather than a user policy, I suppose you could always run 2 servers (on different ports). Still, it seem that one _ought to be_ able to do what you ask within one server and one sshd_config. Regards, ..j -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
