Restrict openSSH 6.1p1 logins via LDAP to an IP range

http://serverfault.com – I have some servers in the DMZ that receive public traffic from an external (public) IPv4 address. This is translated at our gateway to a 172.x.x.x address. All external clients are using local accounts and are chrooted. They connect in this manner. Internal accounts coming from our internal addresses are from 10.x.x.x. I would like to restrict OpenSSH to listen to LDAP only from the internal (10.x) network. I would like to configure this within the sshd conf file if possible (no tcpwrappers or iptables). So:

sshd connections -> 172.x.x.x local auth only
sshd connections -> 10.x.x.x loc (HowTos)