>>102756900
>>102756947
presumably he means he only wants LAN connections to be accepted
this can be done a few ways, one being like;
# disable auth entirely by default
PasswordAuthentication no
PubkeyAuthentication no
# enable pubkey auth for lan connections
Match Address 10.1.1.*
PubkeyAuthentication yes
or you could set the servers' listenaddress to your LAN ip
ListenAddress 10.1.1.2
or just don't port forward port 22 in the first place