Connection type variable
Luiz Casey
luizcasey at yahoo.com
Tue Nov 24 01:40:08 EST 2009
Hello,
I would like to know how would I go about in using a connection type variable with the sshd_config. What would be the consequences,security,problem with doing such a thing. What I would like to accomplish is something like:
Match Group Users
ChrootDirectory "sftp/ssh" /home/%u
ForceCommand "sftp/ssh" internal-sftp
AllowTcpForwarding "sftp/ssh" no
Where "sftp/ssh" would be used if the connection is regular ssh connection or sftp. So ChrootDirectory/ForceCommand would only be used if the connection matches that variable.
Use case, a restricted or limited shell is being used which prevents users from running specific commands and locks them with a specific directory. All gets thrown out if sftp is used. Therefor if chrootdirectory/forcecommand can be used for sftp connection only it would lock the user within that directory. Currently is it not possible to use the above combination for both ssh/sftp user. Any ideas, suggestions, criticism would be helpful.
-Luiz
More information about the openssh-unix-dev
mailing list