Unsetting ForceCommand in openssh

Unsetting ForceCommand in openssh

by Lars Nooden-2

I'm looking at the configuration for OpenSSH_5.3 and wish to force
commands and chroot all users, except one group.  What is a way to unset
the 'ForceCommand' configuration directive?

Here's the way that doesn't work, but shows the approximate goal:

        ...
        ChrootDirectory /var/www
        ForceCommand internal-sftp

        Match Group wheel
           ChrootDirectory none
           ForceCommand none

'none' seems to work for ChrootDirectory but not for ForceCommand.

Regards
/Lars


Re: Unsetting ForceCommand in openssh

by Ingo Schwarze

Hi Lars,

Lars Nooden wrote on Sat, Nov 07, 2009 at 12:59:00PM +0200:

> I'm looking at the configuration for OpenSSH_5.3 and wish to force
> commands and chroot all users, except one group.

sshd_config(5):

        The arguments to Match are one or more criteria-pattern pairs.
        The available criteria are User, Group, Host, and Address.  The
        match patterns may consist of single entries or comma-separated
        lists and may use the wildcard and negation operators described
        in the PATTERNS section of ssh_config(5).

Try the negation operators.

> What is a way to unset the 'ForceCommand' configuration directive?

No idea, but it seems you won't need that.

Yours,
  Ingo


Re: Unsetting ForceCommand in openssh

by Lars Nooden-2

Ingo Schwarze wrote:
> Try the negation operators.

Thanks.  I needed a different perspective.  This illustrates what works:

        Match Group !wheel, Group !dialout
           ChrootDirectory /var/www
           ForceCommand internal-sftp


Regards
/Lars
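
Added example, not part of the thread and not OpenSSH code: a small Python model of the pattern-list rule in the PATTERNS section of ssh_config(5), where a negated entry vetoes a match but never produces one by itself, so an exclusion list needs a positive term such as `*`. It assumes a `Match Group` list is tested against each of the user's groups with a negated hit on any group winning; the users, groups and function names are constructed for illustration.

```python
import re

# Constructed sample accounts: user -> groups the user belongs to.
USERS = {
    "alice": ["alice", "wheel"],   # administrator, should keep a shell
    "bob": ["bob", "www"],         # ordinary user, should be chrooted
}


def _glob(pattern):
    """Compile a PATTERNS-style glob ('*' and '?' only) to a regex."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    return re.compile("".join(parts))


def match_pattern_list(name, pattern_list):
    """Return -1 if a negated entry matches, 1 on a positive match, else 0."""
    result = 0
    for entry in pattern_list.split(","):
        negated = entry.startswith("!")
        pattern = entry[1:] if negated else entry
        if _glob(pattern).fullmatch(name):
            if negated:
                return -1          # a negated match always wins
            result = 1
    return result


def group_match(user_groups, pattern_list):
    """Model of matching a Group pattern list against all of a user's groups."""
    found = False
    for group in user_groups:
        verdict = match_pattern_list(group, pattern_list)
        if verdict == -1:
            return False           # user is in an excluded group
        if verdict == 1:
            found = True
    return found                   # stays False if only negations were listed


def restricted_users(pattern_list):
    """Users for whom the Match block (chroot + ForceCommand) would apply."""
    return sorted(u for u, g in USERS.items() if group_match(g, pattern_list))


if __name__ == "__main__":
    for plist in ("!wheel", "*,!wheel", "wheel"):
        print(f"Group {plist!r:12} -> restricted: {restricted_users(plist)}")
```

Whatever list ends up in the configuration, the effective settings for a given account can be checked with sshd's extended test mode (`sshd -T` together with a `-C` connection specification) before relying on the restriction.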