I think you can accomplish some of what you want using TCP Wrappers. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html I don't know how you could do a-d at once though. Maciej Żenczykowski wrote: > Hello, > > does anybody know how to achieve the following with SSH... > > a) accept RSA authentication for all but root from any IP > b) accept RSA authentication for root from a couple IPs/Netmasks > c) accept password authentication for all but root from a dozen Netmasks > d) accept password authentication for root from 3 local netmasks only > > ie. make authentication depend on the USER,METHOD,CLIENT-IP triplet... > > Cheers, > MaZe. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >