Description of problem: I would like to further extend the Match directive to include my ServerIP. I have a system with several IP addresses on several networks, many of which are not easily captured by the 'from Host/IP' settings. The systems have an IP address they pass back and forth for HA reasons. For example: myhost.example.com has 4 interfaces, A is 203.0.113.100/2001:db8::a3, B is 10.2.6.8, C is 172.16.12.24, D is 198.51.100.100 I wish to set a firm rule that, no matter the origin, any connection to A must use Public Key auth - and not password auth. Similarly I've specific connection requirements on all connections on B, C, and D which themselves differ from each other (say: B allows TCP forwarding, C only permits some users, D permits root login). With both A and D having public IP addresses, I cannot distinguish between clients based only on their origin information. Expected results: Something like: Match ServerAddress 203.0.113.100 PasswordAuthentication no
Does "Match LocalAddress" not already do what you want? I.e. Match LocalAddress 203.0.113.100 PasswordAuthentication no
Somehow my search of the docs missed that option. Match LocalAddress is exactly what I was looking for.
Close all resolved bugs after 7.3p1 release