[all variants] Configuring sshd



a7ndrew
March 26th, 2009, 04:27 PM
Is there a way to configure sshd so that user 1 (who is a sudoer) can only access from the local net (i.e. 192.168.X.X) or via port 22, while user (or usergroup) 2 (who is not a sudoer) can access ssh from anywhere, possibly using a different port?

Basically the idea is to permit remote access but limit it to user level accounts only, whilst allowing me to use ssh to access the machine here on the local network.

Bachstelze
March 26th, 2009, 07:12 PM
Add something like this to /etc/ssh/sshd_config:


#user1 can connect only from a machine whose IP matches
AllowUsers user1@192.168.*.*

#user2 can connect from anywhere
AllowUsers user2

#likewise for all members of group1
AllowGroups group1

All users that are not user1, user2 or a member of group1 can't connect at all. Also, unfortunately, AllowGroups does not accept a hostname restriction.
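
Added example (not part of the original posts): a small Python model of the evaluation order documented in sshd_config(5), where a non-empty AllowUsers list and a non-empty AllowGroups list must each match, run against the directives posted above. The group memberships and addresses are constructed, USERS_ONLY is a constructed variant without AllowGroups, and fnmatch only approximates sshd's '*' and '?' patterns.

```python
# Simplified model (added example) of how sshd combines AllowUsers and
# AllowGroups; group memberships and addresses below are constructed.
from fnmatch import fnmatchcase

def parse_config(text):
    """Collect AllowUsers/AllowGroups patterns; repeated directives accumulate."""
    rules = {"allowusers": [], "allowgroups": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, *values = line.split()
        if key.lower() in rules:               # keywords are case-insensitive
            rules[key.lower()].extend(values)
    return rules

def user_matches(pattern, user, addr):
    """Match a USER or USER@HOST pattern against the login name and source address."""
    if "@" in pattern:
        upat, hpat = pattern.split("@", 1)
        return fnmatchcase(user, upat) and fnmatchcase(addr, hpat)
    return fnmatchcase(user, pattern)

def is_allowed(rules, user, groups, addr):
    """Each non-empty allow list must match: AllowUsers first, then AllowGroups."""
    if rules["allowusers"] and not any(
            user_matches(p, user, addr) for p in rules["allowusers"]):
        return False
    if rules["allowgroups"] and not any(
            fnmatchcase(g, p) for g in groups for p in rules["allowgroups"]):
        return False
    return True

POSTED = """
#user1 can connect only from a machine whose IP matches
AllowUsers user1@192.168.*.*
#user2 can connect from anywhere
AllowUsers user2
#likewise for all members of group1
AllowGroups group1
"""
USERS_ONLY = "AllowUsers user1@192.168.*.* user2\n"

if __name__ == "__main__":
    rules = parse_config(POSTED)
    for user, groups, addr in [("user1", ["user1"], "192.168.1.20"),
                               ("user2", ["user2", "group1"], "203.0.113.7"),
                               ("carol", ["group1"], "192.168.1.30")]:
        print(user, groups, addr, "->", is_allowed(rules, user, groups, addr))
```
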

a7ndrew
March 26th, 2009, 11:32 PM
Thanks so much!