This is the mail archive of the
cygwin
mailing list for the Cygwin project.
sshd_config request: hostname token
- From: Bill Stewart <bstewart at iname dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 3 Apr 2019 15:32:18 -0600
- Subject: sshd_config request: hostname token
It seems it would be useful to have a hostname token for use in the
sshd_config file.
Example usage (supposing %H expands to the hostname):
AllowGroups "%H+SSH Users"
This would permit access on the local computer (no matter its name) if the
account is a member of the SSH Users group (if it's a domain member).
This would allow users to change the name of the computer without needing
to edit the sshd_config file (if the computer is a domain member). If the
computer is removed from the domain, you still have to remove the %H+
prefix.
[Aside: This is one of the reasons I find Cygwin's account matching
algorithm to be "backwards," for lack of a better term. IMO local account
names should resolve before domain account names if the computer is a
domain member. If local accounts matched first, all you would need is
AllowGroups "SSH Users" and be done with it. But I realize this is a big
change.]
Are there risks with adding a hostname token that I'm not seeing?
Thanks
Bill
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple