https://bugzilla.mindrot.org/show_bug.cgi?id=2282
--- Comment #6 from [email protected] --- Here's the testing config. Again, I have removed the Address match part to simplify things. Of course, this does mean I have edit the config and restart to enable non-sftp connection with non-sftponly users. All comments/blank lines stripped out: Protocol 2 SyslogFacility AUTHPRIV PermitRootLogin no UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS X11Forwarding yes TCPKeepAlive yes ClientAliveInterval 600 ClientAliveCountMax 3 MaxStartups 20 Subsystem sftp internal-sftp -l INFO AllowGroups all it nondb Match Group sftponly ChrootDirectory /cust/ftp/secure/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp -l INFO Match Group *,!sftponly ForceCommand echo 'External shell access denied.' I still have this node around and can make further tests as needed/requested. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
