Allow root login from one IP address only

I have CentOS 5.

Is there any way that I can log into my VPS server with the root user from a particular IP address only?

I have read that I can use a private key to log in to sshd. But the problem is I am using SFTP for all my websites and I don't want non-IT users to use keys to log in with SFTP.

Or is there any way that only root can use keys to log in to the shell, but for others it's a normal password?


Solution 1:

A better way now is to use the Match keyword:

Match Host myworkstation
        PermitRootLogin yes

or

Match Address 192.168.1.100
        PermitRootLogin yes

That way, you can leave PermitRootLogin set to 'no', but you can still log in as root from your workstation.

This can also be used, for example, to allow root to rsync data between two hosts.
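
An added example (not part of the answer above, and not OpenSSH code): a small Python model of how sshd resolves PermitRootLogin for a given client address when a Match Address block sits below a global `PermitRootLogin no`. It handles only `Match Address` with plain IPs or CIDR ranges; the sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config: root denied globally, re-enabled for one address.
SAMPLE_CONFIG = """\
PermitRootLogin no
PasswordAuthentication yes

Match Address 192.168.1.100
        PermitRootLogin yes
"""

def address_matches(pattern_list, addr):
    """Evaluate a comma-separated list of IPs/CIDRs; '!' negates an entry."""
    ip = ipaddress.ip_address(addr)
    matched = False
    for pattern in pattern_list.split(","):
        net = ipaddress.ip_network(pattern.lstrip("!"), strict=False)
        if ip in net:
            if pattern.startswith("!"):
                return False  # a negated hit vetoes the whole list
            matched = True
    return matched

def effective_permit_root_login(config_text, addr):
    """Return the PermitRootLogin value that applies to a client at addr."""
    global_value = match_value = None
    in_match = block_applies = False
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "match":
            if len(args) != 2 or args[0].lower() != "address":
                raise ValueError("only 'Match Address <list>' is handled")
            in_match, block_applies = True, address_matches(args[1], addr)
        elif keyword == "permitrootlogin" and args:
            if not in_match and global_value is None:
                global_value = args[0]   # first global value wins
            elif in_match and block_applies and match_value is None:
                match_value = args[0]    # first satisfied Match block wins
    # A satisfied Match block overrides the global section. None means the
    # file never set the keyword and sshd's built-in default applies.
    return match_value or global_value

if __name__ == "__main__":
    for source in ("192.168.1.100", "192.168.1.101", "203.0.113.7"):
        print(source, effective_permit_root_login(SAMPLE_CONFIG, source))
```

The running daemon remains the authority: where the installed OpenSSH supports it, `sshd -T` with a `-C` connection spec prints the effective settings for a given user and address.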

Solution 2:

It is generally a better practice to log in as a non-privileged user first then use 'su -' or 'sudo' to gain root privileges, but...

You could always put the IP restriction on your key in ~root/.ssh/authorized_keys:

from="192.168.1.100" ssh-rsa AAAAh9uif...auwehuf== [email protected]

This would allow ssh using the [email protected] key only from 192.168.1.100.

Solution 3:

Use:

PermitRootLogin without-password

in /etc/ssh/sshd_config. Every user excluding root will be allowed to use password logins. Root needs to use keys to log in.

Solution 4:

Edit sshd_config (usually in /etc/ssh), and add or change the following directives:

  PermitRootLogin yes
  AllowUsers root@thehosttoallow

Then restart the daemon:

  service sshd restart