From 1b6aa4229d8469b64f87b1cce079b39a74975197 Mon Sep 17 00:00:00 2001
From: Raine <raine@ixvd.net>
Date: Mon, 6 Nov 2023 17:37:46 +0100
Subject: [PATCH] feat: add password clause to ssh config

---
 skel/etc/ssh/sshd_config.d/password_authentication.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 skel/etc/ssh/sshd_config.d/password_authentication.conf

diff --git a/skel/etc/ssh/sshd_config.d/password_authentication.conf b/skel/etc/ssh/sshd_config.d/password_authentication.conf
new file mode 100644
index 0000000..8c2c3ae
--- /dev/null
+++ b/skel/etc/ssh/sshd_config.d/password_authentication.conf
@@ -0,0 +1,8 @@
+# Disable password authentication by default
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+
+# Only allow password authentication for internal networks
+Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    PasswordAuthentication yes
+    ChallengeResponseAuthentication yes
\ No newline at end of file