- dtucker@cvs.openbsd.org 2006/07/12 11:34:58

     [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@

1 files changed, 22 insertions, 1 deletions

diff --git a/sshd_config.5 b/sshd_config.5
index 3b639b17d..0b2646027 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.59 2006/07/06 10:47:05 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.60 2006/07/12 11:34:58 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -463,6 +463,27 @@ for data integrity protection.
 Multiple algorithms must be comma-separated.
 The default is:
 .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.It Cm Match
+Introduces a conditional block.  Keywords on lines following a
+.Cm Match
+block are only applied if all of the criteria on the
+.Cm Match
+are satisfied.
+The the arguments to
+.Cm Match
+block are one or more criteria-pattern pairs.
+The available criteria are
+.Cm User ,
+.Cm Host ,
+and
+.Cm Address .
+Only a subset of keywords may be used on the lines following a
+.Cm Match
+keyword.
+Available keywords are
+.Cm AllowTcpForwarding ,
+and
+.Cm GatewayPorts .
 .It Cm MaxAuthTries
 Specifies the maximum number of authentication attempts permitted per
 connection.