User-Specific Subconfiguration
User-specific subconfiguration files are read when the client has stated
the username it is trying to log in as. At this point, the server will
obtain additional information about the user: does the user exist, what is
the user's UID, and what groups the user belongs to. With this
information, the server can read the user-specific configuration files
specified with UserSpecificConfig in the main configuration file.
The syntax is the following:
UserSpecificConfig pattern subconfig-file
You can use patterns of the following form:
user[%group][@host]
where user is matched with the username and UID, group is
matched with the user's primary and secondary groups, both group name and GID,
and host is matched as described under AllowHosts on the
sshd2_subconfig man page (Appendix sshd2_subconfig).
For example, the following would match any user in group "sftp" connecting from
example.com:
.*%sftp@example\.com
Example 1:
The following matches to users from ssh.com who have two-character
usernames or the username sjl, and who belong to the
group wheel.
UserSpecificConfig (..|sjl)%wheel@ssh\.com /etc/ssh2/subconfig/user_conf
|
Example 2:
The following matches the user anon from any host:
UserSpecificConfig anon@.* /etc/ssh2/subconfig/anon_conf
|
See the sshd2_subconfig man page for more information (Appendix
sshd2_subconfig).
