Disabling ForceCommand in a Match block
Remy Blank
remy.blank at pobox.com
Thu May 17 01:42:34 EST 2007
Iain Morgan wrote:
> It would be more in keeping with the general syntax of the ssh_config
> (and the preferrence of keeping the number of options to a minimum)
> to have ForcedCommand accept the special keyword 'none'.
This would prevent being able to call the command 'none'. I guess that's ok.
>> Is there a better way to do this? Possibly without patching openssh?
>
> I have to admit, I haven't played around with the Match keyword much.
> If it accepted negation (I don't recall if it does), you could do
> something like:
>
> Match ! Group wheel
> ForceCommand /usr/bin/validate-ssh-command
Yes, that would be nice. Unfortunately, it doesn't work (I just tried it).
-- Remy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20070516/6cb65342/attachment.bin
More information about the openssh-unix-dev
mailing list