previous
next
You can create and use optional subconfiguration files to configure settings that you want to apply to a subset of users or client hosts. Subconfiguration files are read by the process forked for each new connection. These files are read at runtime; any changes you make affect all subsequent connections.
User-specific Subconfiguration Files
Use the UserSpecificConfig keyword to configure user-specific subconfiguration files. The syntax for this keyword is:
UserSpecificConfig user_expression subconfig_file
If the user expression matches the user attempting a connection, the server uses the specified subconfiguration file. An example file is installed to:
/etc/ssh2/subconfig/user.example
The user.example file includes a list of keywords that are supported in user-specific subconfiguration files.
NOTE:Security Note: If you configure a user-specific list for RequiredAuthentications that is different from the global allowed or required list, a malicious user attempting to authenticate can compare the client/server authentication negotiations of various accounts and use differences in the list of allowed authentications to determine that an account is valid on this system and different from other accounts on the system.
Host-specific Subconfiguration Files
Use the HostSpecificConfig keyword to configure settings to apply to a subset of client hosts. The syntax for this keyword is:
HostSpecificConfig host_expression subconfig_file
If the host expression matches the client host, the server uses the specified subconfiguration file. An example file is installed to:
/etc/ssh2/subconfig/host.example
The host.example file includes a list of keywords that are supported in host-specific subconfiguration files.