Re: sshd_config match keyword syntax

To: debian-user@lists.debian.org
Subject: Re: sshd_config match keyword syntax
From: Brian <ad44@cityscape.co.uk>
Date: Thu, 30 Aug 2012 16:16:04 +0100
Message-id: <[🔎] 20120830151604.GC24280@desktop>
In-reply-to: <[🔎] 503F6C9E.4090306@rilynn.me.uk>
References: <[🔎] 503F6C9E.4090306@rilynn.me.uk>

On Thu 30 Aug 2012 at 14:37:34 +0100, Roger Lynn wrote:

> I want to force everyone except members of a particular group to run sftp
> when they ssh into a server. So at the end of /etc/ssh/sshd_config I have:
> 
> Match Group !sshers
>   ForceCommand /usr/lib/openssh/sftp-server
> 
> However I can't get the group negation to work. If I remove the '!' it works
> as expected, in that members of sshers are forced to run sftp. With the '!'
> the condition is never met, no one is forced to run sftp and the whole
> stanza appears to do nothing.
> 
> The documentation on the Match keyword is not very helpful, but it appears
> that the above should be allowed. What am I doing wrong? Is it a bug?

Two questions. I'll go for the first one. First read the PATTERNS section
of ssh_config(5). Then think about

   Match Group *

and

   Match Group *,!sshers

Reply to:

References:
- sshd_config match keyword syntax
  - From: Roger Lynn <Roger@rilynn.me.uk>

Prev by Date: copying data from a partition with badblocks
Next by Date: Re: Dual-Monitor help
Previous by thread: sshd_config match keyword syntax
Next by thread: Re: sshd_config match keyword syntax
Index(es):
- Date
- Thread