search for: noforcecommand

...roup. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a "NoForceCommand" configuration option that removes any configured ForceCommand. This allows me to have the following: ForceCommand /usr/bin/validate-ssh-command Match Group wheel NoForceCommand Is there a better way to do this? Possibly without patching openssh? BTW, the patch is against openssh-4.5p1...