Hey. Perhaps someone can help me with the following (OpenSSH 6.7): I have a host reachable via miscellaneous interfaces (and network addresses) running SSH. Some specific users should be only reachable from the inside, so e.g. though something like this would do the job in sshd_config: #general config #... Match User foo LocalAddress 10.0.0.1,fe80:abba::0 PasswordAuthentication no KbdInteractiveAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no KerberosAuthentication no GSSAPIAuthentication no RSAAuthentication no PubkeyAuthentication yes Match User foo LocalAddress !10.0.0.1,!fe80:abba::0 PasswordAuthentication no KbdInteractiveAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no KerberosAuthentication no GSSAPIAuthentication no RSAAuthentication no PubkeyAuthentication no But apparently it never goes into the negative matching block :-( Also, it seems that hostnames can generally not be used with LocalAddress,.. is this expected? Cause that would be kinda nice. Thanks, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev