- Red Hat Enterprise Linux 6
OpenSSH in Red Hat Enterprise Linux 6 allows the use of conditional blocks in the
sshd_config configuration file. If the initiated connection criteria match the expression of the
Match conditional block, then the configuration options in that block would apply.
How to use negation in
To use negation in
Match conditional blocks, the expression needs to be preceded by a
*. For instance, given the following section in the bottom of
Match Group *,!admin Address 192.168.1.1 ForceCommand /bin/false
This would deny connections from 192.168.1.1 to anyone who is not in the admin group. The connection denial is achieved using the
ForceCommand statement which instructs the sshd server to run a dummy command (
/bin/false) and exit immediately.
The cause of this non-intuitive behaviour is dependent on the implementation of negation in OpenSSH.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.