After further investigation, I found that by adding

> AuthenticationMethods publickey

to the main portion of sshd_config and adding

> AuthenticationMethods publickey password

to the match block, it now works as expected. I don't know how this functions
differently than my prior setup, but at least it is working.

On May 4 2021, at 2:33 pm, Rob Crittenden <[email protected]> wrote:
> Eamon Doyle via FreeIPA-users wrote:
> > I am trying to require ssh keys for SSH connections that originate outside 
> > of a subnet but allowing password auth within a subnet. Before setting up 
> > FreeIPA, I did this by setting the following in my sshd_config:
> >
> > PasswordAuthentication no
> >
> > Match Address 172.16.0.*
> > PasswordAuthentication yes
> >
> >
> > After setting up FreeIPA, this configuration seems to be ignored. Instead, 
> > password authentication seems to be allowed from any connection if 
> > key-based auth fails. I presume I need to make changes to the sssd 
> > configuration but I'm having trouble finding any info on achieving this. 
> > Any info would be helpful.
>
> I assume you confirmed that your configuration was preserved after
> running ipa-client-install?
>
> rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
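
An added example, not part of the thread and not FreeIPA or OpenSSH code: a simplified Python model of how sshd resolves `AuthenticationMethods` per client address, run over the configuration described in the messages above. The function names and sample addresses are assumptions; it also accepts CIDR and negated patterns, which the thread does not use, and treats Match criteria other than `Address` and `all` as not matching.

```python
import fnmatch
import ipaddress

# Constructed from the thread: the earlier settings plus the two added lines.
SSHD_CONFIG = """\
PasswordAuthentication no
AuthenticationMethods publickey
Match Address 172.16.0.*
    PasswordAuthentication yes
    AuthenticationMethods publickey password
"""

def addr_matches(patterns, addr):
    """Comma-separated wildcard or CIDR patterns; a matching '!' pattern vetoes."""
    hit = False
    for pat in patterns.split(","):
        negate, pat = pat.startswith("!"), pat.lstrip("!")
        ok = (ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)
              if "/" in pat else fnmatch.fnmatchcase(addr, pat))
        if ok and negate:
            return False
        hit = hit or ok
    return hit

def effective(config, addr):
    """First value seen wins in the global section and among matching Match
    blocks; a value from a matching Match block overrides the global one."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts + [""])[1].strip()
        if key == "match":
            crit, _, arg = value.partition(" ")
            active = crit.lower() == "all" or (
                crit.lower() == "address" and addr_matches(arg.strip(), addr))
            target = match_opts if active else None
        elif target is not None:
            target.setdefault(key, value)
    return {**global_opts, **match_opts}

def auth_lists(config, addr):
    """Space-separated entries are alternatives; commas inside one mean 'all of'."""
    value = effective(config, addr).get("authenticationmethods", "any")
    return [entry.split(",") for entry in value.split()]

if __name__ == "__main__":
    print({a: auth_lists(SSHD_CONFIG, a) for a in ("172.16.0.23", "203.0.113.7")})
```

On a live host, `sshd -T -C user=<user>,host=<host>,addr=<address>` prints the values sshd itself resolves for that connection and is the authoritative check.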
