sshd_config Match AD group

Overview

I use CentOS 7. One of the biggest reasons I join my servers to Active Directory is for the users and groups. Getting sshd_config to work with AD-defined groups is easy and just needs the smallest amount of work.

If you want to use sftp, and have rules for just a specific AD group, you need to specify the group name exactly as it is cased.
[root@amazon|/var/log]# getent group Web_Dev_Grp
web_dev_grp:*:5829038:asmith,rltompki,fkowalks,bangel,lfrederi

So use the “web_dev_grp” as shown in your sshd_config:
Match Group web_dev_grp
ChrootDirectory /var/www
ForceCommand internal-sftp

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s