I'm honored, Habitual! (:
I'd like to add a few words about the problem, though, for future reference.
the point is to control access for user john
from a certain IP address without dependence from default configuration
, that is, retaining the secure behaviour even after a change to the default one.
what I mean is: this setup would be straightforward:
Match User john Address 192.168.0.100
but changing from "PassAuth no" to "PassAuth yes" in the default case (first line) would break down the security of this last example (john from 192.168.0.66 would fall into the 'default' case and thus would be able to login), but it does not break the security of the earlier 'double-match' one (since the two cases do not rely on the default one).