Ssh – Match multiple users in ‘sshd_config’

I'm trying to apply the same sshd settings to multiple users.

According to the manual, it seems Match User acts like an AND:

Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file

How do I state "for any of these users…", so in this example bob, joe, and phil are allowed to use SSH as a proxy, but not allowed to log in:

Match User bob, User joe, User phil
    PasswordAuthentication yes
    AllowTCPForwarding yes
    ForceCommand /bin/echo 'We talked about this guys. No SSH for you!'

Best Answer

Not having done this myself, I can only go on what the manuals say:

From the sshd_config manual:

The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the PATTERNS section of ssh_config(5).

This means that you ought to be able to say

Match User bob,joe,phil
  PasswordAuthentication yes
  AllowTCPForwarding yes
  ForceCommand /bin/echo 'We talked about this guys. No SSH for you!'

See also this answer on the Information Security forum: https://security.stackexchange.com/a/18038

Best Answer

Related Solutions

Related Question