I'd like to write in my /etc/ssh/sshd_config file a complex statement, something like:
the idea would be to accept password logins for every user, but for john implement more strict rules such as allowing password logins only from a certain IP address.

... unfortunately, this does NOT work. can you tell me why?

You match pattern in the second section needs to be a comma-separated list. Check out https://bbs.archlinux.org/viewtopic.php?id=121945 for a reference.

thank you for your reply.

it seemed to be the right answer, but even with the comma:
the former statement overrides the latter, so that user john from address 192.168.0.100 does not have password authentication enabled.

I think I got it!

the problem was NOT the comma (it works fine without it, too), but the ORDER of the two 'match' statements.
works as it should: login requests for user john are accepted from 192.168.0.100 and rejected from 192.168.0.66, with any other user unaffected.

Great Job!
I used it on my DorkBlog too!

I'm honored, Habitual! (:
I'd like to add a few words about the problem, though, for future reference.

the point is to control access for user john from a certain IP address without dependence from default configuration, that is, retaining the secure behaviour even after a change to the default one.

what I mean is: this setup would be straightforward:
but changing from "PassAuth no" to "PassAuth yes" in the default case (first line) would break down the security of this last example (john from 192.168.0.66 would fall into the 'default' case and thus would be able to login), but it does not break the security of the earlier 'double-match' one (since the two cases do not rely on the default one).

cheers!