[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-bugs
Subject: [Bug 1975] Support for Match configuration directive to also include subsystems
From: bugzilla-daemon () mindrot ! org
Date: 2014-02-13 0:08:02
Message-ID: bug-1975-705-8B5vyZSq9M () https ! bugzilla ! mindrot ! org/
[Download RAW message or body]
https://bugzilla.mindrot.org/show_bug.cgi?id=1975
Damien Miller <djm@mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org
--- Comment #1 from Damien Miller <djm@mindrot.org> ---
At present, this is not possible - the matching happens around
authentication time, well before the subsystem is requested.
It would be conceivably possible to add another pass through the config
file, but it would be pretty confusing since some combinations of
options would never make sense. E.g.
Match user djm subsystem sftp
PasswordAuthentication no
ChrootDirectory /blah
This could not be evaluated at authentication time and so the
PasswordAuthentication directive could not be applied.
Another approach might be to have another Match-like keywords that is
used just for stuff that happens later (say "SessionMatch") that could
therefore have access to session-time information. IMO that's confusing
and complicated in its own way too.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic