bugzilla-daemon at bugzilla.mindrot.org
2009-Apr-06 06:15 UTC
[Bug 1587] New: [man] sshd_config(5) provide examples of keyword 'Match'
https://bugzilla.mindrot.org/show_bug.cgi?id=1587
Summary: [man] sshd_config(5) provide examples of keyword
'Match'
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jari.aalto at cante.net
The manual page reads:
Match Introduces a conditional block. If all of the criteria on
the
Match line are satisfied, the keywords on the following
lines
override those set in the global section of the config
file,
until either another Match line or the end of the file.
...
This looks like a useful feature, but from the description is hard to
understand how it is used.
Please provide 2-3 examples how to use this keyword in the manual page.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Apr-06 09:07 UTC
[Bug 1587] [man] sshd_config(5) provide examples of keyword 'Match'
https://bugzilla.mindrot.org/show_bug.cgi?id=1587
--- Comment #1 from Jari Aalto <jari.aalto at cante.net> 2009-04-06
19:07:28 ---
Darren Tucker has posted informative message about the
use of "Match" keyword. Please include his examples to the
manual page.
http://archive.netbsd.se/?ml=openssh-unix-dev&a=2006-03&t=1883229
# allow anyone to authenticate normally from the local net
Match Address 192.168.0.0/24
RequiredAuthentications default
# allow admins from the dmz with pubkey and password
Match Group admins Address 1.2.3.0/24
RequiredAuthentications publickey,password
# deny untrusted and local users from any other net
Match Group untrusted,lusers
RequiredAuthentications deny
# anyone else gets normal behaviour
Match all
RequiredAuthentications default
There's also some potential for other things too:
Match User anoncvs
PermitTcpForwarding no
Match Group nosftp
Subsystem sftp /bin/false
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-15 00:35 UTC
[Bug 1587] [man] sshd_config(5) provide examples of keyword 'Match'
https://bugzilla.mindrot.org/show_bug.cgi?id=1587
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2010-01-15
11:35:23 EST ---
There's an example in the sample sshd_config file:
# Example of overriding settings on a per-user basis
#Match User anoncvs
#>......X11Forwarding no
#>......AllowTcpForwarding no
#>......ForceCommand cvs server
(Most of the samples you quoted do not exist in the current code.)
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- sshd config parser
- [Bug 1846] New: wishlist: [PATCH] sshd_config - reformat for easier reading
- Bug#322036: logcheck: [manual] typo in SYNOPSIS (TIOS => OPTIONS)
- Bug#301175: logcheck-databas: SSH rules for debug level
- Bug#269315: logcheck: /etc/logcheck/ignore.d.server (add bind9 messages)