User-specific subconfiguration files are read when the client has stated the user name it is trying to log in as. At this point, the server will obtain additional information about the user: does the user exist, what is the user's UID, and what groups the user belongs to. With this information, the server can read the user-specific configuration files specified with UserSpecificConfig in the main configuration file. The syntax is the following:
UserSpecificConfig pattern subconfig-file
You can use patterns of the following form:
user[%group][@host]
where user is matched with the user name and UID, group is matched with the user's primary and secondary groups (both group name and GID), and host is matched as described under AllowHosts on the sshd2_subconfig man page (sshd2_subconfig).
For example, the following would match any user in group "sftp" connecting from example.com:
.*%sftp@example\.com
Example 1: The following matches users from ssh.com who have two-character user names or the user name sjl, and who belong to the group wheel.
UserSpecificConfig (..|sjl)%wheel@ssh\.com /opt/tectia/etc/subconfig/user_conf
Example 2: The following matches the user anon from any host:
UserSpecificConfig anon@.* /opt/tectia/etc/subconfig/anon_conf
See the sshd2_subconfig man page for more information (sshd2_subconfig).
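The matching rules above can be modelled to check which subconfiguration files a given login would pick up before a pattern goes into production. This is an added example, not code from the product or its documentation: it assumes Python `re` syntax stands in for the server's regex syntax, that each part must match the whole value, that an omitted part matches anything, that host is compared as a host name only, and that every matching file applies. The function names and sample logins are constructed for illustration.

```python
import re

# Constructed sample of main-config lines, using the patterns from this page.
SAMPLE_CONFIG = r"""
UserSpecificConfig (..|sjl)%wheel@ssh\.com /opt/tectia/etc/subconfig/user_conf
UserSpecificConfig anon@.* /opt/tectia/etc/subconfig/anon_conf
"""

def split_pattern(pattern):
    """Split user[%group][@host]; an omitted part is returned as None."""
    # Assumption: '%' and '@' appear only as separators, never inside a part.
    rest, _, host = pattern.partition("@")
    user, _, group = rest.partition("%")
    return user, group or None, host or None

def _full(regex, value):
    # Assumption: a part must match the whole value (anchored match).
    return re.fullmatch(regex, str(value)) is not None

def pattern_matches(pattern, name, uid, groups, host):
    """groups is a list of (group name, GID) pairs, primary and secondary."""
    user_re, group_re, host_re = split_pattern(pattern)
    if not (_full(user_re, name) or _full(user_re, uid)):
        return False
    if group_re is not None and not any(
            _full(group_re, g) or _full(group_re, gid) for g, gid in groups):
        return False
    # Assumption: host is compared as a host name only.
    return host_re is None or _full(host_re, host)

def matching_subconfigs(config_text, name, uid, groups, host):
    """Return the subconfig files whose pattern matches this login."""
    files = []
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "UserSpecificConfig":
            if pattern_matches(fields[1], name, uid, groups, host):
                files.append(fields[2])
    return files

if __name__ == "__main__":
    wheel = [("staff", 50), ("wheel", 10)]  # constructed group memberships
    print(matching_subconfigs(SAMPLE_CONFIG, "sjl", 1002, wheel, "ssh.com"))
    print(matching_subconfigs(SAMPLE_CONFIG, "sjlx", 1003, wheel, "ssh.com"))
    # An unescaped dot matches any character, so escape dots in host parts.
    print(pattern_matches("anon@ssh.com", "anon", 1004, [], "sshxcom"))
```

Running a candidate pattern against a list of real account names, UIDs and group memberships in this way shows over-broad matches, such as an unescaped dot in the host part, before the subconfiguration file is applied to the wrong logins.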