Limiting SSH root logins to only "safe" networks in OpenSSH 4.x

view full story

http://serverfault.com – We want to limit root SSH login to only a few networks that we consider "safe" (VPN, etc.) without imposing the same condition on other accounts. In OpenSSH 5.x, we could use the match block. However, that is not an option in OpenSSH 4.x which is what we are limited to in RHEL5. I was thinking perhaps this could be done using PAM. Anyone have any idea? (HowTos)