Your browser does not allow storing cookies. We recommend enabling them.

Tectia

User-Specific Subconfiguration

User-specific subconfiguration files are read when the client has stated the username it is trying to log in as. At this point, the server will obtain additional information about the user: does the user exist, what is the user's UID, and what groups the user belongs to. With this information, the server can read the user-specific configuration files specified with UserSpecificConfig in the main configuration file. The syntax is the following:

UserSpecificConfig pattern subconfig-file

You can use patterns of the following form:

user[%group][@host]

where user is matched with the username and UID, group is matched with the user's primary and secondary groups, both group name and GID, and host is matched as described under AllowHosts on the sshd2_subconfig man page (sshd2_subconfig).

For example, the following would match any user in group "sftp" connecting from example.com:

.*%sftp@example\.com

Example 1: The following matches to users from ssh.com who have two-character usernames or the username sjl, and who belong to the group wheel.

UserSpecificConfig  (..|sjl)%wheel@ssh\.com  /opt/tectia/etc/subconfig/user_conf

Example 2: The following matches the user anon from any host:

UserSpecificConfig  anon@.*  /opt/tectia/etc/subconfig/anon_conf

See the sshd2_subconfig man page for more information (sshd2_subconfig).


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now