Sshd Match Group Directive Problem
I try to set up two “Match Group” directives in sshd_config.
I have an LDAP server. All users, including admins, are part of the LDAP
group users. The admin users are also part of the LDAP group wheel. For example:
[~]groups admin1
admin1 : users wheel
[~]groups users user1 : users
On a client server to LDAP, I try to configure two “Match Group” directives in sshd_config as follows:
Match Group wheel
some keywords…
Match Group users
some keywords…
The problem is that even if a user is a member of LDAP group wheel, the
“Match Group wheel” directive is skipped in favor of the “Match Group users” directive.
Is it possible to have two “Match Group” directives as I like to do it? If yes, what is wrong in my configuration?
Thanks,
2 thoughts on - Sshd Match Group Directive Problem
A detail I forgot…
The need is to have members of the groups wheel and users dropped to a shell to administer the server, while members of only the group users have a script started that forces them to a few commands on the server.
man sshd_config: The match patterns may consist of single entries or comma-separated lists …
Match Group wheel,users
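
Added example, not part of the original thread: a small Python model of how sshd resolves keywords when a user satisfies more than one Match Group block. sshd applies every block whose criteria match and, per keyword, keeps the first value it obtains, so a keyword set only in the later users block still reaches wheel members. The keywords, the script path and the helper names below are constructed for illustration; the model handles literal group names only.

```python
# Simplified model of sshd_config "Match Group" resolution (added example).
# Assumptions: literal group names only, global lines before a Match ignored.

def group_matches(pattern_list, user_groups):
    """Comma list: any positive entry matches, any negated hit vetoes."""
    found = False
    for pat in (p.strip() for p in pattern_list.split(",")):
        if pat.startswith("!"):
            if pat[1:] in user_groups:
                return False
        elif pat in user_groups:
            found = True
    return found

def parse(config):
    """Return [(group_pattern_list, {keyword: value}), ...] in file order."""
    blocks = []
    for line in config.splitlines():
        words = line.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":  # criterion assumed to be Group
            blocks.append((words[1].split(None, 1)[1].strip(), {}))
        elif blocks:
            value = words[1].strip() if len(words) > 1 else ""
            blocks[-1][1].setdefault(words[0].lower(), value)
    return blocks

def effective(config, user_groups):
    """Apply every matching block; per keyword the first value obtained wins."""
    result = {}
    for patterns, keywords in parse(config):
        if group_matches(patterns, user_groups):
            for key, value in keywords.items():
                result.setdefault(key, value)
    return result

# Constructed config: keywords and the script path are placeholders.
AS_POSTED = """
Match Group wheel
    X11Forwarding yes
Match Group users
    X11Forwarding no
    ForceCommand /usr/local/bin/menu.sh
"""
NEGATED = AS_POSTED.replace("Match Group users", "Match Group users,!wheel")
ADMIN, USER = {"users", "wheel"}, {"users"}
```

On a real host, `sshd -T -C user=admin1` prints the settings sshd would apply to that user, which is the way to confirm the result before restarting the daemon (older releases also expect `host=` and `addr=` in the `-C` list).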