Originally Posted by cK`
Is key auth safe enough to only rely on, without limiting the ips that can connect?
Yes, as long as passwords are disabled, as you have done.
Check out TCP Wrappers
. If you want to continue with the IP setup.
These deal with two files:
.allow rules trump the .deny rules.
and scroll down to 'hosts.allow and hosts.deny'.
ALL : ALL
in the .deny file and:
sshd : 192.168.
in the .allow file, your LAN should be secure. The '192.168.' covers the range of your local LAN, in case your router gives out dynamic IP addresses.