Hello,

I would like to know how I would go about using a connection type variable with the sshd_config. What would be the consequences, security, problem with doing such a thing?

What I would like to accomplish is something like:

    Match Group Users
        ChrootDirectory "sftp/ssh" /home/%u
        ForceCommand "sftp/ssh" internal-sftp
        AllowTcpForwarding "sftp/ssh" no

Where "sftp/ssh" would be used if the connection is regular ssh connection or sftp. So ChrootDirectory/ForceCommand would only be used if the connection matches that variable.

Use case: a restricted or limited shell is being used which prevents users from running specific commands and locks them within a specific directory. All gets thrown out if sftp is used. Therefore, if ChrootDirectory/ForceCommand can be used for sftp connections only, it would lock the user within that directory.

Currently it is not possible to use the above combination for both ssh/sftp users.

Any ideas, suggestions, criticism would be helpful.

-Luiz

Luiz Casey wrote:
> Hello, I would like to know how would I go about in using a
> connection type variable with the sshd_config.
[...]
> Where "sftp/ssh" would be used if the connection is regular ssh
> connection or sftp. So ChrootDirectory/ForceCommand would only be used
> if the connection matches that variable.

I don't understand what you mean by "connection type" or "variable" here. Could you please give an example of a connection that would match and one that would not match?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.