sshd_config Match AD group
Overview
Last updated: 2019-01-14
I use CentOS 7. One of the biggest reasons I join my servers to Active Directory is for the users and groups. Getting sshd_config to work with AD-defined groups is easy and just needs the smallest amount of work.

If you want to use sftp, and have rules for just a specific AD group, you need to specify the group name exactly as it is cased.

    [root@amazon|/var/log]# getent group Web_Dev_Grp
    web_dev_grp:*:5829038:asmith,rltompki,fkowalks,bangel,lfrederi

So use the "web_dev_grp" as shown in your sshd_config:

    Match Group web_dev_grp
        ChrootDirectory /var/www
        ForceCommand internal-sftp

If you want to match multiple groups, you can use this format:

    Match Group web_dev_grp,linux_admins_grp

Be sure to read ssh_config(5) on PATTERNS and sshd_config(5) on Match for more details.
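
An added example, not part of the original post: a POSIX shell check that compares every name on a Match Group line with the name the group lookup returns and reports case mismatches. The function names, the fake_getent stand-in and the sample config are constructed for illustration; on a real host, run check_match_groups /etc/ssh/sshd_config so the default getent group lookup is used.

```shell
#!/bin/sh
# Added example: report "Match Group" names whose case differs from the name NSS returns.

# Print the group names used on "Match ... Group ..." lines, one per line.
match_groups() {
    awk 'tolower($1) == "match" {
        for (i = 2; i < NF; i += 2)
            if (tolower($i) == "group") {
                n = split($(i + 1), g, ",")
                for (j = 1; j <= n; j++) {
                    sub(/^!/, "", g[j])               # negated pattern: check the name itself
                    if (g[j] !~ /[*?]/) print g[j]    # wildcards cannot be looked up
                }
            }
    }' "$1"
}

# check_match_groups FILE [LOOKUP]: LOOKUP (default "getent group") must print a
# getent-style line "name:*:gid:members". Prints one line per bad name; returns 1 if any.
check_match_groups() {
    lookup=${2:-getent group}; rc=0
    for name in $(match_groups "$1"); do
        canon=$($lookup "$name" | cut -d: -f1)
        if [ -z "$canon" ]; then
            echo "UNKNOWN $name"; rc=1
        elif [ "$canon" != "$name" ]; then
            echo "CASE $name should be $canon"; rc=1
        fi
    done
    return "$rc"
}

# Constructed stand-in for an AD-backed getent: lookup ignores case, output is lowercase.
fake_getent() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' 'web_dev_grp:*:5829038:asmith' 'linux_admins_grp:*:5829039:bangel' |
        grep "^$key:"
}

# Run the check on a constructed sshd_config fragment with one wrongly cased name.
demo() {
    cfg=$(mktemp); status=0
    printf '%s\n' 'Match Group Web_Dev_Grp,linux_admins_grp' \
        '    ChrootDirectory /var/www' '    ForceCommand internal-sftp' > "$cfg"
    check_match_groups "$cfg" fake_getent || status=$?
    rm -f "$cfg"
    return "$status"
}
demo || true   # prints: CASE Web_Dev_Grp should be web_dev_grp
```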