I have a question about sshd and I'm unable to find an answer, I checked the
man page, the FAQ, the archives of the mailing list without success.
I'm in a small organization with a single server (Stable Linux Debian).
connected to two networks: local-network and internet.
>From the local network, everybody is allowed to do SSH (sftp in fact) but I
want to restrict SSH connection coming from Internet to a group of users
(this group is named ssh, users within this group should be the only ones
allowed to connect from Internet).
I tried to deny any login method to users not on the local network and not
in the ssh group by writing into /etc/ssh/sshd_config the following section:
Match Address ! Group !ssh
KbdInteractiveAuthentication no
KerberosAuthentication no
PasswordAuthentication no
PubkeyAuthentication no
RSAAuthentication no
But it does not work: I can login with password using a user not in the ssh
group. I am doing it wrong? Why it doesn't work as expected? Is it
Sebastien Koechlin