-------------------------------------------------------------------------------
Notes on sshd configuration
-------------------------------------------------------------------------------
Restrictive User access....

Basic
=======8<--------
DenyUsers bob,joe,phil
=======8<--------


Alternative to DenyUsers
=======8<--------
Match User bob,joe,phil
  PasswordAuthentication yes
  AllowTCPForwarding yes
  ForceCommand /bin/echo 'We talked about this guys. No SSH for you!'
Match All
=======8<--------


Only allow 'control' users from specific IP
=======8<--------
Match User ansible,backup,support Address *,!176.x.x.x
    DenyUsers ansible,backup,support

Match User backup
    AllowTcpForwarding yes
    AllowAgentForwarding yes
    PermitListen 127.0.0.1:2223
Match All
=======8<--------


-------------------------------------------------------------------------------

This FAILS to allow password authentication
=======8<--------
PasswordAuthentication         no
Match User anthony
    PasswordAuthentication     yes
Match All
=======8<--------

=======8<--------
Match User anthony
    PasswordAuthentication     yes
Match All
    PasswordAuthentication     no
=======8<--------


-------------------------------------------------------------------------------