I'm trying to restrict access to an existing SFTP server for a user, to allow it to log in only from one IP address, but it's not working. In my case, I'm trying to allow the user some_user to log in ONLY from 192.168.12.10.
This is my complete sshd_config file:
Port 22
Protocol 2
SyslogFacility AUTHPRIV
RSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
GSSAPICleanupCredentials yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
Subsystem sftp /usr/libexec/openssh/sftp-server
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,[email protected],hmac-ripemd160
KerberosAuthentication no
PubkeyAuthentication yes
UsePAM yes
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
GSSAPIAuthentication yes
ChallengeResponseAuthentication yes
AuthorizedKeysCommandUser nobody
Match User some_user, Address !192.168.12.10
PasswordAuthentication no
PubkeyAuthentication yes
Match User some_user, Address 192.168.12.10
ChrootDirectory /home/some_user/
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
I got this configuration (the Match User sections) from this page.
But it's not working: I'm still able to log in from any IP address. I've also tried what is suggested in this thread but to no avail.
Am I missing something?
Thanks for your attention.
Best regards.
Match User entries for the same IP? Try to set PubkeyAuthentication no.
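A simplified model of how sshd evaluates the two Match blocks from the question, added here as an example (it is not part of the original thread and is not OpenSSH code). It shows that an Address list made up only of a negated pattern never matches, so PubkeyAuthentication stays "yes" from every address; the CORRECTED blocks, the function names and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Global settings taken from the page's sshd_config (only the two relevant ones).
GLOBALS = {"PasswordAuthentication": "no", "PubkeyAuthentication": "yes"}

# The page's two Match blocks (comma after the user name dropped, second block abridged).
ORIGINAL = [
    ("some_user", "!192.168.12.10",
     {"PasswordAuthentication": "no", "PubkeyAuthentication": "yes"}),
    ("some_user", "192.168.12.10",
     {"ChrootDirectory": "/home/some_user/", "ForceCommand": "internal-sftp"}),
]
# Constructed correction: "*" gives the list a positive match, and the block
# actually turns public-key authentication off for every other address.
CORRECTED = [
    ("some_user", "*,!192.168.12.10", {"PubkeyAuthentication": "no"}),
    ORIGINAL[1],
]

def _pattern_hit(addr, pattern):
    """True if one pattern (CIDR, literal address, or wildcard) covers addr."""
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatchcase(addr, pattern)  # not an address: treat as a wildcard

def address_matches(addr, pattern_list):
    """A negated hit vetoes the list; a list with no positive hit never matches."""
    positive = False
    for pat in filter(None, pattern_list.split(",")):
        if pat.startswith("!"):
            if _pattern_hit(addr, pat[1:]):
                return False
        elif _pattern_hit(addr, pat):
            positive = True
    return positive

def effective(user, addr, blocks):
    """Settings for one connection: first matching Match value wins, then globals."""
    chosen = {}
    for match_user, match_addr, settings in blocks:
        if user == match_user and address_matches(addr, match_addr):
            for key, value in settings.items():
                chosen.setdefault(key, value)
    return {**GLOBALS, **chosen}
```

On a real host, `sshd -T` with a `-C` connection specification prints the effective settings for a given user and address. The page's config also enables GSSAPIAuthentication and ChallengeResponseAuthentication globally, which this model does not cover.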