SSH has some nice security features like password-less authentication. For the sysadmin who wants even more fine-grained control, the ssh configuration has a setting for what users are allowed to authenticate based on their IP address.
# /etc/ssh/sshd_config AllowUsers email@example.com firstname.lastname@example.org git@*
This configuration says that
deployer are only allowed to login from
git can login from any IP address. You can also use wildcards the other way:
The most useful thing here is the ability to use
* to match users and hosts.
h/t Chris Erin