
Re: SSH root login from one ip via certificate only, all other logins password only.

On Wed, 29 Aug 2018 13:32:56 +0100
James Allsopp <jamesaallsopp@xxxxxxxxxxxxxx> wrote:

> Hi,
> I need to have one computer I can ssh to other computers as root for
> Ansible. To do this I've set up a strong certificate with a password,
> but what I want is to only be able to log in as root from one IP
> using that cert. All other users should only log in via a password
> and can do so from any IP.
> Currently normal user logins are broken with this sshd_config. Can
> anyone tell me where I'm going wrong? Sudo is not an option.

I'd think it ought to be possible. Personally, I'd run two instances of
sshd, it's pretty lightweight, and that would (probably) eliminate
potential obscure bugs where the authors hadn't expected anyone to want
to do this.
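
The two-instance layout suggested in the reply, sketched as an added example that is not part of the original thread. The file names, the PID file paths, port 2222 and the controller address 192.0.2.10 are assumptions chosen for illustration.

```conf
# Added example. Paths, port 2222 and 192.0.2.10 are placeholders.

# --- /etc/ssh/sshd_config : general instance, reachable from any IP ---
Port 22
PidFile /run/sshd.pid
# Root never logs in through this instance.
PermitRootLogin no
# Ordinary users authenticate with a password only.
PubkeyAuthentication no
PasswordAuthentication yes

# --- /etc/ssh/sshd_config_root : root-only instance for the Ansible host ---
# Started separately: /usr/sbin/sshd -f /etc/ssh/sshd_config_root
Port 2222
PidFile /run/sshd_root.pid
# Root may log in, but never with a password.
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
# Require public-key authentication as the only accepted method.
AuthenticationMethods publickey
# Only root, and only when connecting from the controller's address.
AllowUsers root@192.0.2.10
```

Check each file with `sshd -t -f <file>` before starting or restarting the corresponding instance. A firewall rule limiting port 2222 to the controller's address adds a second layer on top of `AllowUsers`.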