The host-specific configuration files are configured with the HostSpecificConfig variable. These files are read immediately after a new process is launched to handle the connection. Thus most configuration options can be set in these. The syntax is the following:

HostSpecificConfig pattern subconfig-file

pattern will be used to match the client host as specified under AllowHosts on the sshd2_config(5) man page. The file subconfig-file will then be read, and configuration data amended accordingly.

The file is read before any actual protocol transactions begin, and you can specify most of the options allowed in the main configuration file. You can specify more than one subconfiguration file, in which case the patterns are matched and the files read in the specified order. Values of configuration options defined later will either override or amend the previous value depending on the option. The effect of redefining an option is described in the documentation for that option. For example, setting Ciphers in the subconfiguration file will override the old value, but setting AllowUsers will amend the value.

Example 1: The following matches (from) any host:

HostSpecificConfig   .* /opt/tectia/etc/subconfig/host_ext.conf

Example 2: The following matches a subnet mask:

HostSpecificConfig   \m192.168.0.0/16   /opt/tectia/etc/subconfig/host_int.conf

For more information, please see sshd2_subconfig(5) and sshd2_config(5).