New Subsystem criteria for Match option block in OpenSSH server
John Olsson M
john.m.olsson at ericsson.com
Thu May 24 23:46:44 EST 2012
Thank you very much Peter for taking your time to explain this in such detail instead of just refering to the relevant RFCs. :)
What you write is pretty much what I was eventually able to piece together based on the ongoing discussions and reading of the SSHD Config manual page. But nopw I do understnad much deeper the implications on what it is we request and I hope IU can give relevant comments and suggestions on a way forward. I would very much like this to be implemented and salvaged in a sane way for all stakeholders. :)
>> ChrootDirectory
>> ForceCommand
>
> These two are the only ones that possibly have meaning when
> matching on subsystem.
So if we for a minute assume that we restrict the number of keywords that are allowed to be used to the two ones above when matching on subsystem, would that be an acceptable way forward?
What implications would this have on the existing source code?
Is it feasible to do with a reasonable (for whatever "reasonable" is) amount of work?
Or is your message that we should start looking for Plan B?
/John
More information about the openssh-unix-dev
mailing list