Re: sshd_config match keyword syntax

To: debian-user@lists.debian.org
Subject: Re: sshd_config match keyword syntax
From: Camaleón <noelamac@gmail.com>
Date: Thu, 30 Aug 2012 15:51:33 +0000 (UTC)
Message-id: <[🔎] k1o265$pns$9@ger.gmane.org>
References: <[🔎] 503F6C9E.4090306@rilynn.me.uk>

On Thu, 30 Aug 2012 14:37:34 +0100, Roger Lynn wrote:

> I want to force everyone except members of a particular group to run
> sftp when they ssh into a server. So at the end of /etc/ssh/sshd_config
> I have:
> 
> Match Group !sshers
>   ForceCommand /usr/lib/openssh/sftp-server
> 
> However I can't get the group negation to work. If I remove the '!' it
> works as expected, in that members of sshers are forced to run sftp.
> With the '!' the condition is never met, no one is forced to run sftp
> and the whole stanza appears to do nothing.
> 
> The documentation on the Match keyword is not very helpful, but it
> appears that the above should be allowed. What am I doing wrong? Is it a
> bug?

(...)

Agree, it could have been better docummented as Oracle did by adding some 
practical samples for their SunOS package:

***
http://docs.oracle.com/cd/E19082-01/819-2251/6n4i7tddd/index.html

Displaying a special banner for users not in the staff group:

Match Group *,!staff
  Banner /etc/banner.text
***

Check if that also works for you.

Greetings,

-- 
Camaleón

Reply to:

References:
- sshd_config match keyword syntax
  - From: Roger Lynn <Roger@rilynn.me.uk>

Prev by Date: Re: Dual-Monitor help
Next by Date: Re: copying data from a partition with badblocks
Previous by thread: Re: sshd_config match keyword syntax
Next by thread: qt embedded on Debian
Index(es):
- Date
- Thread