As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root logins. As a workaround currently I have a dummy account with ForceCommand that executes a setuid wrapper for the backup where the wrapper can only run from that account. It works, but it would be nice to avoid this error-prone extra-account+setuid combination and allow in sshd_config either to match based on public keys or to support custom mapping of ssh accounts into system ones. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev