Match Statement in sshd_config

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 9 23:26:59 EST 2009 

On 06/09/2009 07:08 AM, Martin Schimandl wrote:
> But unfortunately the documentation of the Match-Statement refers to the
>  PATTERN section, which is non existent  :-(


I think it refers to PATTERNS (not PATTERN), and it seems to refer to
ssh_config(5), not sshd_config(5).  What version of openSSH are you
using?  With OpenSSH 5.1p1 (from debian testing), it looks like the
section is available in the referenced man page:

>> 0 dkg at pip:~$ man sshd_config | grep -C2 criteria
>>                    hmac-ripemd160,hmac-sha1-96,hmac-md5-96
>> 
>>      Match   Introduces a conditional block.  If all of the criteria on the
>>              Match line are satisfied, the keywords on the following lines
>>              override those set in the global section of the config file,
>>              until either another Match line or the end of the file.
>> 
>>              The arguments to Match are one or more criteria-pattern pairs.
>>              The available criteria are User, Group, Host, and Address.  The
>>              match patterns may consist of single entries or comma-separated
>>              lists and may use the wildcard and negation operators described
>>              in the PATTERNS section of ssh_config(5).
>> 
>>              The patterns in an Address criteria may additionally contain
>>              addresses to match in CIDR address/masklen format, e.g.
>>              “192.0.2.0/24” or “3ffe:ffff::/32”.  Note that the mask length
>> 0 dkg at pip:~$ man ssh_config | grep -A3 ^PATTERNS
>> PATTERNS
>>      A pattern consists of zero or more non-whitespace characters, ‘*’ (a
>>      wildcard that matches zero or more characters), or ‘?’ (a wildcard that
>>      matches exactly one character).  For example, to specify a set of decla‐
>> 0 dkg at pip:~$ 


Have you tried looking in ssh_config(5) instead of sshd_config(5) ?

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090609/530f1590/attachment.bin>

More information about the openssh-unix-dev mailing list