[Bug 1180] Add finer-grained controls to sshd
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Apr 8 13:04:51 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1180
------- Comment #1 from dtucker at zip.com.au 2006-04-08 13:04 -------
Created an attachment (id=1118)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1118&action=view)
Add "Match" keyword to sshd_config
This patch (against 4.3p2) extends sshd_config to support syntax such as:
AllowTcpForwarding no
Match Address 192.168.32.*,127.0.0.1
AllowTcpForwarding yes
GatewayPorts no
Match User bar,baz
AllowTcpForwarding yes
Match Host t*
AllowTcpForwarding yes
The criteria currently supported by Match are "User [user pattern-list]",
"Group [group pattern]", "Address [address pattern-list]" and "Host [host
pattern-list]". Multiple criteria may be specified on a single Match line, if
so all criteria must match before the Match block takes effect (ie it is a
logical AND).
The directives supported inside a "Match" block are:
AcceptEnv, AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysFile2, Banner,
ChallengeResponseAuthentication, ChallengeResponseAuthentication,
ClientAliveCountMax, ClientAliveInterval, GatewayPorts, GssAuthentication,
GssCleanupCreds, HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
IgnoreRhosts, IgnoreUserKnownHosts, KbdInteractiveAuthentication,
KerberosAuthentication, KerberosGetAFSToken, KerberosOrLocalPasswd,
KerberosTicketCleanup, LogFacility, LogLevel, LoginGraceTime, MaxAuthTries,
PasswordAuthentication, PermitEmptyPasswd, PermitRootLogin, PermitTunnel,
PermitUserEnvironment, PrintLastLog, PrintMotd, PubkeyAuthentication,
PubkeyAuthentication, RSAAuthentication, RhostsRSAAuthentication, StrictModes,
UseLogin, UsePAM, X11DisplayOffset, X11Forwarding, X11UseLocalhost,
XAuthLocation. Only a (small) subset of these have been tested.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list