Host-Specific Subconfiguration
The host-specific configuration files are configured with the
HostSpecificConfig variable. These files are read immediately after a
new process is launched to handle the connection. Thus most configuration
options can be set in these. The syntax is the following:
HostSpecificConfig pattern subconfig-file
pattern will be used to match the client host as specified under
AllowHosts on the sshd2_subconfig man page (Appendix sshd2_subconfig). The file
subconfig-file will then be read, and configuration data amended accordingly.
The file is read before any actual protocol transactions begin, and you
can specify most of the options allowed in the main configuration file.
You can specify more than one subconfiguration file, in which case the
patterns are matched and the files read in the specified order. Values of
configuration options defined later will either override or amend the
previous value depending on the option. The effect of redefining an option
is described in the documentation for that option. For example, setting
Ciphers in the subconfiguration file will override the old value,
but setting AllowUsers will amend the value.
Example 1: The following matches (from) any host:
HostSpecificConfig .* /etc/ssh2/subconfig/host_ext.conf
|
Example 2: The following matches a subnet mask:
HostSpecificConfig \m192.168.0.0/16 /etc/ssh2/subconfig/host_int.conf
|
For more information, please see the sshd2_subconfig and
sshd2_config man page (Appendix sshd2_subconfig).
