Hey Damien,
> Would something like this help?
>
> Match sessiontype shell
> User foo
> Match remotecommand "none"
> User foo2
> Match sessiontype exec remotecommand "/rsync"
> User bar
> Match sessiontype subsystem remotecommand "sftp"
> User baz
>
>
> diff --git a/readconf.c b/readconf.c
> <snip>
Thanks for looking into it, much appreciated. I think it's looking on the
right track, but after applying the patch locally to test it, openssh-portable
ceases to compile:
```
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith
-Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result
-Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used
-ftrivial-auto-var-init=zero -fno-builtin-memset -fstack-protector-strong -fPIE
-I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE
-DOPENSSL_API_COMPAT=0x10100000L -DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c session.c
-o session.o
ranlib libssh.a
readconf.c:1033:1: error: conflicting types for ?process_config_line?; have
?int(Options *, struct passwd *, const char *, const char *, char *, const char
*, int, int *, int)?
1033 | process_config_line(Options *options, struct passwd *pw, const char
*host,
| ^~~~~~~~~~~~~~~~~~~
In file included from readconf.c:66:
readconf.h:243:10: note: previous declaration of ?process_config_line? with type
?int(Options *, struct passwd *, const char *, const char *, struct sshbuf *,
char *, const char *, int, int *, int)?
243 | int process_config_line(Options *, struct passwd *, const char *,
| ^~~~~~~~~~~~~~~~~~~
...
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith
-Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result
-Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used
-ftrivial-auto-var-init=zero -fno-builtin-memset -fstack-protector-strong -fPIE
-I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE
-DOPENSSL_API_COMPAT=0x10100000L -DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c
auth2-hostbased.c -o auth2-hostbased.o
readconf.c:2431:1: error: conflicting types for ?read_config_file?; have
?int(const char *, struct passwd *, const char *, const char *, Options *, int,
int *)?
2431 | read_config_file(const char *filename, struct passwd *pw, const char
*host,
| ^~~~~~~~~~~~~~~~
readconf.h:245:10: note: previous declaration of ?read_config_file? with type
?int(const char *, struct passwd *, const char *, const char *, struct sshbuf *,
Options *, int, int *)?
245 | int read_config_file(const char *, struct passwd *, const char *,
| ^~~~~~~~~~~~~~~~
```
I think there could be something incorrect about those lines changed in
readconf.h?
~ Tim