3

I’m having a problem with my sshd config. I want to limit all users of the group www-user to sftp use. All of them but the user yorunokoe.

I saw that related question : How to exclude from a "Match Group" in SSHD? and my config end like this :

Match Group www-user User !yorunokoe ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no

But that doesn’t work. I tested different variations and it seems that everytime I use the exclamation mark, the whole directive returns as false and no subsequent config is applied. With the above config, all users still have SSH access, they’re not chrooted and they’re not limited to sftp.

I’m running with OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1k

What am I doing wrong ?

Improve this question
2
  • Try User *,!yorunokoe. See this question for a more thorough explanation. Commented May 29, 2016 at 22:31
  • It works ! I was missing the wildcard part. Thanks a lot. Commented May 30, 2016 at 7:56

1 Answer 1

Reset to default
4

So, thanks to https://unix.stackexchange.com/users/28235/n-st, the correct config is :

Match Group www-user User *,!yorunokoe ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no

That limit all users in www-user except user yorunokoe to sftp.

Improve this answer
1
  • Hi Jérôme, I upvoted your question yesterday as a good one. I'd suggest that you accept your answer to let other users know that your issue is now resolved. See How does accepting an answer work?. Otherwise, the question continues to be listed as an unanswered question. Welcome to the Stack Exchange network! Commented May 30, 2016 at 20:35

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.