Disabling ForceCommand in a Match block
Remy Blank
remy.blank at pobox.com
Wed May 16 22:36:47 EST 2007
Hello,
I am trying to force a command for all users *except* for users in the
"wheel" group. My idea was to do the following in sshd_config:
ForceCommand /usr/bin/validate-ssh-command
Match Group wheel
ForceCommand
But obviously this doesn't work, because ForceCommand requires an
argument. I couldn't find a way to achieve what I want.
I wrote a patch that adds a "NoForceCommand" configuration option that
removes any configured ForceCommand. This allows me to have the following:
ForceCommand /usr/bin/validate-ssh-command
Match Group wheel
NoForceCommand
Is there a better way to do this? Possibly without patching openssh?
BTW, the patch is against openssh-4.5p1.
Thanks.
-- Remy
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-forcecommand.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20070516/fa821539/attachment-0001.ksh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20070516/fa821539/attachment-0001.bin
More information about the openssh-unix-dev
mailing list