Question about restrict option behavior and override precedence
bishnu sahu
mebishnusahu at gmail.com
Thu Apr 9 01:29:18 AEST 2026
Hi,
I was reviewing auth-options.c and noticed that the "restrict" option sets
multiple flags, but subsequent options (e.g. "pty") appear to override
these restrictions.
For example:
restrict,pty
This results in restricted mode being set, but pty still being permitted.
I wanted to understand whether this behavior is intentional (i.e.
last-option-wins), or if restrict is expected to act as a stronger
constraint.
Additionally, I observed similar precedence behavior in option merging
(e.g. permitopen and touch-required flags), which may allow user-side
configuration to override stricter constraints.
Could you clarify the intended design here?
Thanks,
Bishnu
More information about the openssh-unix-dev
mailing list