Originally Posted by
zzzBrett
Is it possible to allow SSH authentication by password only when on the local network, but require a key when connecting from a remote network (internet)?
(OpenSSH)
Look at Match in sshd_config. It allows you to change the value of PasswordAuthentication based on group or network. Substitute your subnet for the one below.
Code:
# require a key for everybody
PasswordAuthentication no
# any member of the group 'downstairs' can log in without a key
# while connecting from the subnet
Match Address 192.168.0.0/16 Group downstairs
PasswordAuthentication yes
Match also allows the following to be changed: AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, MaxAuthTries, MaxSessions, PermitOpen, PermitRootLogin, RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, X11Forwarding, and X11UseLocalHost.