User-specific subconfiguration files are read when the client has
stated the username it is trying to log in as. At this point, the server
will obtain additional information about the user: does the user exist, what
is the user's UID, and what groups the user belongs to. With this
information, the server can read the user-specific configuration files
specified with UserSpecificConfig in the main configuration
file. The syntax is the following:
UserSpecificConfig pattern subconfig-file
You can use patterns of the following form:
user[%group][@host]
where user is matched with the username and UID,
group is matched with the user's primary and secondary
groups, both group name and GID, and host is matched as
described under AllowHosts on the
sshd2_subconfig man page.
For example, the following would match any user in group "sftp" connecting from example.com:
.*%sftp@example\.com
Example 1: The following matches users from
ssh.com who have two-character usernames or the username
sjl, and who belong to the group
wheel.
UserSpecificConfig (..|sjl)%wheel@ssh\.com /opt/tectia/etc/subconfig/user_conf
Example 2: The following matches the user
anon from any host:
UserSpecificConfig anon@.* /opt/tectia/etc/subconfig/anon_conf
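A way to check which accounts a pattern would select before deploying it, as an added example (not Tectia code and not part of the manual). It models matching with Python's `re.fullmatch`, which is an assumption about the server's regex dialect and anchoring; host matching is limited to hostname regexes, patterns are assumed to contain no literal `%` or `@`, and the helper names and sample accounts are constructed.

```python
import re

def split_pattern(pattern):
    """Split user[%group][@host]; optional parts come back as None."""
    rest, _, host = pattern.partition("@")
    user, _, group = rest.partition("%")
    return user, group or None, host or None

def _full(regex, value):
    # Assumption: a pattern must match the whole value, as the page's
    # "(..|sjl)" example (two-character names or sjl) implies.
    return re.fullmatch(regex, str(value)) is not None

def matches(pattern, account, host):
    """account: dict with name, uid, groups=[(group_name, gid), ...]."""
    user_re, group_re, host_re = split_pattern(pattern)
    # The user part is compared with both the username and the UID.
    if not (_full(user_re, account["name"]) or _full(user_re, account["uid"])):
        return False
    # The group part is compared with every group's name and GID.
    if group_re is not None and not any(
        _full(group_re, name) or _full(group_re, gid)
        for name, gid in account["groups"]
    ):
        return False
    return host_re is None or _full(host_re, host)

def audit(pattern, accounts, host):
    """Names of the accounts that would receive the subconfiguration file."""
    return [a["name"] for a in accounts if matches(pattern, a, host)]

# Constructed sample accounts (not from the manual).
ACCOUNTS = [
    {"name": "sjl", "uid": 1001, "groups": [("staff", 50), ("wheel", 10)]},
    {"name": "ab", "uid": 1002, "groups": [("wheel", 10)]},
    {"name": "operator", "uid": 42, "groups": [("wheel", 10)]},
    {"name": "carol", "uid": 1003, "groups": [("staff", 50)]},
    {"name": "anon", "uid": 2000, "groups": [("nogroup", 65534)]},
]

if __name__ == "__main__":
    print(audit(r"(..|sjl)%wheel@ssh\.com", ACCOUNTS, "ssh.com"))
    print(audit(r"anon@ssh.com", ACCOUNTS, "sshxcom"))   # unescaped dot
    print(audit(r"anon@ssh\.com", ACCOUNTS, "sshxcom"))  # escaped dot
```

The first audit also returns `operator`, because `..` matches the two-digit UID 42 under the rule that the user part is compared with both username and UID. The second shows why the manual's examples escape the dot in host names: `ssh.com` unescaped also matches `sshxcom`.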
See the sshd2_subconfig man page for more information.