Connection type variable

Luiz Casey luizcasey at
Tue Nov 24 01:40:08 EST 2009

I would like to know how would I go about in using a connection type variable with the sshd_config. What would be the consequences,security,problem with doing such a thing. What I would like to accomplish is something like:

Match Group Users

ChrootDirectory "sftp/ssh" /home/%u

ForceCommand "sftp/ssh" internal-sftp

AllowTcpForwarding "sftp/ssh" no

Where "sftp/ssh" would be used if the connection is regular ssh connection or sftp. So ChrootDirectory/ForceCommand would only be used if the connection matches that variable. 
Use case, a restricted or limited shell is being used which prevents users from running specific commands and locks them with a specific directory. All gets thrown out if sftp is used. Therefor if chrootdirectory/forcecommand can be used for sftp connection only it would lock the user within that directory. Currently is it not possible to use the above combination for both ssh/sftp user. Any ideas, suggestions, criticism would be helpful.



More information about the openssh-unix-dev mailing list