I'm honored, Habitual! (:
I'd like to add a few words about the problem, though, for future reference.
the point is to
control access for user john from a certain IP address
without dependence from default configuration, that is, retaining the secure behaviour even after a change to the default one.
what I mean is: this setup would be straightforward:
Code:
PasswordAuthentication no
Match User john Address 192.168.0.100
PasswordAuthentication yes
but changing from "PassAuth no" to "PassAuth yes" in the default case (first line) would break down the security of this last example (john from 192.168.0.66 would fall into the 'default' case and thus would be able to login), but it does not break the security of the earlier 'double-match' one (since the two cases do not rely on the default one).
cheers!