The manual page reads: Match Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another Match line or the end of the file. ... This looks like a useful feature, but from the description is hard to understand how it is used. Please provide 2-3 examples how to use this keyword in the manual page.
Darren Tucker has posted informative message about the use of "Match" keyword. Please include his examples to the manual page. http://archive.netbsd.se/?ml=openssh-unix-dev&a=2006-03&t=1883229 # allow anyone to authenticate normally from the local net Match Address 192.168.0.0/24 RequiredAuthentications default # allow admins from the dmz with pubkey and password Match Group admins Address 1.2.3.0/24 RequiredAuthentications publickey,password # deny untrusted and local users from any other net Match Group untrusted,lusers RequiredAuthentications deny # anyone else gets normal behaviour Match all RequiredAuthentications default There's also some potential for other things too: Match User anoncvs PermitTcpForwarding no Match Group nosftp Subsystem sftp /bin/false
There's an example in the sample sshd_config file: # Example of overriding settings on a per-user basis #Match User anoncvs #>......X11Forwarding no #>......AllowTcpForwarding no #>......ForceCommand cvs server (Most of the samples you quoted do not exist in the current code.)
The default sshd_config file already contains an example
closing resolved bugs as of 8.6p1 release