openssh unix dev - Nov 2009 - Connection type variable

Hello,
I would like to know how would I go about in using a connection type variable
with the sshd_config. What would be the consequences,security,problem with doing
such a thing. What I would like to accomplish is something like:

Match Group Users

ChrootDirectory "sftp/ssh" /home/%u

ForceCommand "sftp/ssh" internal-sftp

AllowTcpForwarding "sftp/ssh" no

Where "sftp/ssh" would be used if the connection is regular ssh
connection or sftp. So ChrootDirectory/ForceCommand would only be used if the
connection matches that variable.
Use case, a restricted or limited shell is being used which prevents users from
running specific commands and locks them with a specific directory. All gets
thrown out if sftp is used. Therefor if chrootdirectory/forcecommand can be used
for sftp connection only it would lock the user within that directory. Currently
is it not possible to use the above combination for both ssh/sftp user. Any
ideas, suggestions, criticism would be helpful.

-Luiz

Luiz Casey wrote:
> Hello, I would like to know how would I go about in using a
> connection type  variable with the sshd_config.
[...]
> Where "sftp/ssh" would be used if the connection is regular ssh
> connection or sftp. So ChrootDirectory/ForceCommand would only be used
> if the connection matches that variable.
I don't understand what you mean by "connection type" or
"variable"
here.  Could you please give an example of a connection that would match 
and one that would not match?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.