On Thu 30 Aug 2012 at 14:37:34 +0100, Roger Lynn wrote: > I want to force everyone except members of a particular group to run sftp > when they ssh into a server. So at the end of /etc/ssh/sshd_config I have: > > Match Group !sshers > ForceCommand /usr/lib/openssh/sftp-server > > However I can't get the group negation to work. If I remove the '!' it works > as expected, in that members of sshers are forced to run sftp. With the '!' > the condition is never met, no one is forced to run sftp and the whole > stanza appears to do nothing. > > The documentation on the Match keyword is not very helpful, but it appears > that the above should be allowed. What am I doing wrong? Is it a bug?
Two questions. I'll go for the first one. First read the PATTERNS section of ssh_config(5). Then think about Match Group * and Match Group *,!sshers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120830151604.GC24280@desktop
