luizcasey at yahoo
Nov 23, 2009, 6:40 AM
Post #1 of 2
(712 views)
Permalink
|
Hello,
I would like to know how would I go about in using a connection type variable with the sshd_config. What would be the consequences,security,problem with doing such a thing. What I would like to accomplish is something like:
Match Group Users
ChrootDirectory "sftp/ssh" /home/%u
ForceCommand "sftp/ssh" internal-sftp
AllowTcpForwarding "sftp/ssh" no
Where "sftp/ssh" would be used if the connection is regular ssh connection or sftp. So ChrootDirectory/ForceCommand would only be used if the connection matches that variable.
Use case, a restricted or limited shell is being used which prevents users from running specific commands and locks them with a specific directory. All gets thrown out if sftp is used. Therefor if chrootdirectory/forcecommand can be used for sftp connection only it would lock the user within that directory. Currently is it not possible to use the above combination for both ssh/sftp user. Any ideas, suggestions, criticism would be helpful.
-Luiz
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|
