sshd_config request: hostname token

sshd_config request: hostname token

[Bill Stewart]

It seems it would be useful to have a hostname token for use in the
sshd_config file.

Example usage (supposing %H expands to the hostname):

AllowGroups "%H+SSH Users"

This would permit access on the local computer (no matter its name) if the
account is a member of the SSH Users group (if it's a domain member).

This would allow users to change the name of the computer without needing
to edit the sshd_config file (if the computer is a domain member). If the
computer is removed from the domain, you still have to remove the %H+
prefix.

[Aside: This is one of the reasons I find Cygwin's account matching
algorithm to be "backwards," for lack of a better term. IMO local account
names should resolve before domain account names if the computer is a
domain member. If local accounts matched first, all you would need is
AllowGroups "SSH Users" and be done with it. But I realize this is a big
change.]

Are there risks with adding a hostname token that I'm not seeing?

Thanks

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: sshd_config request: hostname token

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

On Apr  3 15:32, Bill Stewart wrote:
> It seems it would be useful to have a hostname token for use in the
> sshd_config file.
> 
> Example usage (supposing %H expands to the hostname):
> 
> AllowGroups "%H+SSH Users"

I'm pretty sure his patch would not be accepted upstream.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]