While reading How to prevent a specified SSH user from signing in only from an IP address or a host name? I approached to solve a problem that I have with specific connections – but that does not cover my case.
I have to make sure that an SSH connection to my host from something other than
192.168.10.0/24 is authenticated via a key. Connections
192.168.10.0/24 can use both (or only a password if there is a problem).
ssh_config The man page mentions in the PATTERNS section that
the next entry (in
clés_autorisées) can be used:
from = "! *. dialup.example.com, *. example.com"
That would allow a solution exactly opposite to mine: some sources are do not allowed to use the keys but I do not see how to turn it into my need.
How to force the use of ssh keys when the client does not connect from certain IP addresses?