Most of my OpenSSH servers now require public key authentication for users. On a few systems, however, I must allow remote access with password auth. I need SSH to allow password auth from those IP addresses and only those addresses, but still require public keys from other locations.

Do this with OpenSSH's match keyword.

Start by configuring sshd for the most common case — in this case, requiring public key authentication. This requires only two changes to the default configuration:

...