Your browser does not allow storing cookies. We recommend enabling them.

SSH

User-Specific Subconfiguration

User-specific subconfiguration files are read when the client has stated the user name it is trying to log in as. At this point, the server will obtain additional information about the user: does the user exist, what is the user's UID, and what groups the user belongs to. With this information, the server can read the user-specific configuration files specified with UserSpecificConfig in the main configuration file. The syntax is the following:

UserSpecificConfig pattern subconfig-file

You can use patterns of the following form:

user[%group][@host] 

where user is matched with the user name and UID, group is matched with the user's primary and secondary groups, both group name and GID, and host is matched as described under AllowHosts on the sshd2_config(5) man page.

For example, the following would match any user in group "sftp" connecting from example.com:

.*%sftp@example\.com 

Example 1: The following matches to users from ssh.com who have two-character user names or the user name sjl, and who belong to the group wheel.

UserSpecificConfig  (..|sjl)%wheel@ssh\.com   /opt/tectia/etc/subconfig/user_conf

Example 2: The following matches the user anon from any host:

UserSpecificConfig  anon@.*   /opt/tectia/etc/subconfig/anon_conf 

See the sshd2_subconfig(5) man page for more information.


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more