sshd_config match keyword syntax

To: debian-user@lists.debian.org
Subject: sshd_config match keyword syntax
From: Roger Lynn <Roger@rilynn.me.uk>
Date: Thu, 30 Aug 2012 14:37:34 +0100
Message-id: <[🔎] 503F6C9E.4090306@rilynn.me.uk>
Mail-followup-to: Roger Lynn <RLynn@fundamentalsltd.co.uk>
Mail-followup-to: debian-user@lists.debian.org

Hi,

I want to force everyone except members of a particular group to run sftp
when they ssh into a server. So at the end of /etc/ssh/sshd_config I have:

Match Group !sshers
  ForceCommand /usr/lib/openssh/sftp-server

However I can't get the group negation to work. If I remove the '!' it works
as expected, in that members of sshers are forced to run sftp. With the '!'
the condition is never met, no one is forced to run sftp and the whole
stanza appears to do nothing.

The documentation on the Match keyword is not very helpful, but it appears
that the above should be allowed. What am I doing wrong? Is it a bug?

I am running openssh-server 1:6.0p1-2 on a new Wheezy installation.

Thanks,

Roger

Reply to:

Follow-Ups:
- Re: sshd_config match keyword syntax
  - From: Brian <ad44@cityscape.co.uk>
- Re: sshd_config match keyword syntax
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: e2fsck errror: Error reading block (Attempt to read block from filesystem resulted in short read)
Next by Date: Re: debian on soneview notebook
Previous by thread: Re: OpenVPN
Next by thread: Re: sshd_config match keyword syntax
Index(es):
- Date
- Thread