Ssh – OpenSSH: How to end a match block

debianopenssh

I'm using a Match block in OpenSSH's /etc/ssh/sshd_config (on debian) to restrict some users to SFTP:

# my stuff
Match group sftponly
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -u 0002
    ChrootDirectory %h

As you can see, I use a #my stuff comment in custom config files to easily distinguish default configurations from those I made (and I put those at the end of the config files).
Now I wanted to append the directive UseDNS no to the configuration (to speed up logins) but OpenSSH said Directive 'UseDNS' is not allowed within a Match block.

Now I was wondering whether there is a syntax like End Match to end those match blocks?

Best Answer

To end up a match block with openssh 6.5p1 or above, use the line: Match all

Here is a piece of code, taken from my /etc/ssh/sshd_config file:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Match host 192.168.1.12
    PasswordAuthentication yes
Match all

X11Forwarding yes
X11DisplayOffset 10

A line with a sole Match won't work. (It didn't work for me, sshd refused to start)

Best Answer

Related Solutions

Ssh – Help updating OpenSSH to v6.6

Ssh – Deprecated options when restarting openssh in Stretch

Related Question