tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-28 16:34:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated sshd_config (markdown)

Manoj Ampalam 2018-05-31 10:03:10 -07:00
parent c595a2288e
commit 0b8a617a44
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sshd_config.md

@ -7,14 +7,19 @@ The allow/deny directives are processed in the following order: **DenyUsers**, *
See PATTERNS in [ssh_config](http://man.openbsd.org/ssh_config.5#PATTERNS) for more information on patterns. See PATTERNS in [ssh_config](http://man.openbsd.org/ssh_config.5#PATTERNS) for more information on patterns.
Note the following for domain accounts: User and group names are case insensitive in Windows (unlike in Unix). You **should** always use **lower** case while specifying these irrespective of their original case.
**Note** the following for domain accounts:
Prior to v7.7.0.0, there was no well defined way to specify domain principals (users and groups). To account for a domain principal in [various forms](https://msdn.microsoft.com/en-us/library/windows/desktop/ms724268(v=vs.85).aspx), it is recommended to use the following format while configuring user/group based rules - `user?domain*` - note the `?` instead of `@` to avoid conflict with `username@host` format and `*` added to cover FQDNs. Prior to v7.7.0.0, there was no well defined way to specify domain principals (users and groups). To account for a domain principal in [various forms](https://msdn.microsoft.com/en-us/library/windows/desktop/ms724268(v=vs.85).aspx), it is recommended to use the following format while configuring user/group based rules - `user?domain*` - note the `?` instead of `@` to avoid conflict with `username@host` format and `*` added to cover FQDNs.
From v7.7.0.0 on wards, work group users/groups and internet-connected accounts are strictly resolved to their local account name (no domain part, similar to standard Unix names). Domain users and groups are strictly resolved to NameSamCompatible format - domain_short_name\user_name. All user/group based configuration rules need to adhere to this format. From v7.7.0.0 on wards, work group users/groups and internet-connected accounts are strictly resolved to their local account name (no domain part, similar to standard Unix names). Domain users and groups are strictly resolved to NameSamCompatible format - domain_short_name\user_name. All user/group based configuration rules need to adhere to this format.
- Ex. for domain users - `DenyUsers contoso\admin@192.168.2.23` - Ex. for domain users
- `DenyUsers contoso\admin@192.168.2.23` : blocks contoso\admin from 192.168.2.23
- `DenyUsers contoso\*@192.168.2.23`
- Ex. for local users - `AllowUsers localuser@192.168.2.23` - Ex. for local users - `AllowUsers localuser@192.168.2.23`
______ ______
#### AuthenticationMethods #### AuthenticationMethods
Available authentication methods are "password" and "publickey". Available authentication methods are "password" and "publickey".
@ -24,6 +29,9 @@ Support added in v7.7.0.0
To setup a sftp-only chroot server, set ForceCommand to `internal-sftp`. You may also set up scp with chroot, by implementing a custom shell that would only allow scp and sftp. To setup a sftp-only chroot server, set ForceCommand to `internal-sftp`. You may also set up scp with chroot, by implementing a custom shell that would only allow scp and sftp.
______
#### [Match](https://man.openbsd.org/sshd_config#Match)
______ ______
#### Not supported #### Not supported
AcceptEnv AcceptEnv