On 06/09/2009 07:08 AM, Martin Schimandl wrote:> But unfortunately the documentation of the Match-Statement refers to the
> PATTERN section, which is non existent :-(
I think it refers to PATTERNS (not PATTERN), and it seems to refer to
ssh_config(5), not sshd_config(5). What version of openSSH are you
using? With OpenSSH 5.1p1 (from debian testing), it looks like the
section is available in the referenced man page:
>> 0 dkg at pip:~$ man sshd_config | grep -C2 criteria
>> hmac-ripemd160,hmac-sha1-96,hmac-md5-96
>>
>> Match Introduces a conditional block. If all of the criteria on
the
>> Match line are satisfied, the keywords on the following
lines
>> override those set in the global section of the config
file,
>> until either another Match line or the end of the file.
>>
>> The arguments to Match are one or more criteria-pattern
pairs.
>> The available criteria are User, Group, Host, and Address.
The
>> match patterns may consist of single entries or
comma-separated
>> lists and may use the wildcard and negation operators
described
>> in the PATTERNS section of ssh_config(5).
>>
>> The patterns in an Address criteria may additionally
contain
>> addresses to match in CIDR address/masklen format, e.g.
>> ?192.0.2.0/24? or ?3ffe:ffff::/32?. Note that the mask
length
>> 0 dkg at pip:~$ man ssh_config | grep -A3 ^PATTERNS
>> PATTERNS
>> A pattern consists of zero or more non-whitespace characters, ?*?
(a
>> wildcard that matches zero or more characters), or ??? (a wildcard
that
>> matches exactly one character). For example, to specify a set of
decla?
>> 0 dkg at pip:~$
Have you tried looking in ssh_config(5) instead of sshd_config(5) ?
hth,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090609/530f1590/attachment.bin>