diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index a3756bc..1299a32 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -2,6 +2,23 @@
 {#- present in sshd_config and known in actual file options -#}
 {%- set processed_options = [] -%}
 
+{#- generic renderer used for sshd matches, known options, -#}
+{#- and unknown options -#}
+{%- macro render_option(keyword, default, config_dict=sshd_config) -%}
+ {%- set value = config_dict.get(keyword, default) -%}
+ {%- if value is sameas true -%}
+{{ keyword }} yes
+ {%- elif value is sameas false -%}
+{{ keyword }} no
+ {%- elif value is string or value is number -%}
+{{ keyword }} {{ value }}
+ {%- else -%}
+{%- for single_value in value -%}
+{{ keyword }} {{ single_value }}
+{% endfor -%}
+ {%- endif -%}
+{%- endmacro -%}
+
 {#- macros for render option according to present -#}
 {%- macro option_impl(keyword, default, present) -%}
 {%- if present -%}
@@ -10,18 +27,9 @@
 {%- else -%}
 {%- set prefix='#' -%}
 {%- endif -%}
- {%- set value = sshd_config.get(keyword, default) -%}
- {%- if value is sameas true -%}
-{{ prefix }}{{ keyword }} yes
- {%- elif value is sameas false -%}
-{{ prefix }}{{ keyword }} no
- {%- elif value is string or value is number -%}
-{{ prefix }}{{ keyword }} {{ value }}
- {%- else -%}
-{%- for single_value in value -%}
-{{ prefix }}{{ keyword }} {{ single_value }}
-{% endfor -%}
- {%- endif -%}
+ {#- add prefix to keyword -#}
+ {%- set keyword = prefix ~ keyword -%}
+{{ render_option(keyword, default) }}
 {%- endmacro -%}
 
 {#- macros for render option commented by default -#}
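Review bot: The `{%- else -%}` branch of the new `render_option` macro treats anything that is not a bool, string or number as a list and iterates it, so a key whose pillar value is null (YAML `~`, or `Banner:` with no value) makes the `for` fail at render time, and a mapping given by mistake silently emits one `Keyword <dictkey>` line per key; since this macro now also renders `Match` options, a mistyped value under a chroot block would be written into sshd_config without any signal. An explicit `{%- elif value is none -%}` branch before the `else`, emitting nothing for that keyword, would at least make the null case deterministic, and the macro's header comment should state the contract, e.g. `{#- value may be bool (rendered yes/no), string/number, or a list rendered as one line per entry; nothing else is supported -#}`. The same assumption applies to the `option_impl` body in the second hunk, which now delegates to this macro.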
@@ -129,18 +137,20 @@
 {{ option('UseDNS', 'yes') }}
 
 {# Handling unknown in salt template options #}
-{%- for keyword, argument in sshd_config.iteritems() %}
- {%- if not keyword in processed_options -%}
- {%- if argument is sameas true %}
-{{ keyword }} yes
- {%- elif argument is sameas false %}
-{{ keyword }} no
- {%- elif argument is string or argument is number %}
-{{ keyword }} {{ argument }}
- {%- else %}
- {%- for item in argument %}
-{{ keyword }} {{ item }}
- {%- endfor %}
- {%- endif %}
+{%- for keyword in sshd_config.keys() %}
+ {#- Matches have to be at the bottem and should be handled differently -#}
+ {%- if not keyword in processed_options and keyword != 'matches' -%}
+{#- send a blank default as it doesn't matter -#}
+{{ render_option(keyword, '') }}
 {%- endif -%}
 {%- endfor %}
+
+{# Handle matches last as they need to go at the bottom #}
+{%- if 'matches' in sshd_config %}
+ {%- for match in sshd_config['matches'].values() %}
+Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }}
+ {%- for keyword in match['options'].keys() %}
+ {{ render_option(keyword, '', config_dict=match['options']) }}
+ {%- endfor %}
+ {%- endfor %}
+{%- endif %}
diff --git a/pillar.example b/pillar.example
index 42007da..70ec760 100644
--- a/pillar.example
+++ b/pillar.example
@@ -30,6 +30,15 @@ sshd_config:
 Subsystem: "sftp /usr/lib/openssh/sftp-server"
 UsePAM: 'yes'
 UseDNS: 'yes'
+ matches:
+ sftp_chroot:
+ type:
+ Group: sftpusers
+ options:
+ ChrootDirectory: /sftp-chroot/%u
+ X11Forwarding: no
+ AllowTcpForwarding: no
+ ForceCommand: internal-sftp
 
 openssh:
 auth:
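Review bot: The `Match` line renders only the first entry of `match['type']` via `.keys()[0]` / `.values()[0]`, so a block written with two criteria (say `Group` and `Address`) silently loses the second one and the restrictions under it apply to a wider set of connections than the pillar author intended; indexing `dict.keys()` also only works on Python 2, which is at odds with the `.iteritems()` → `.keys()` change a few lines above. Rendering every criterion keeps the block as specified: `Match{% for crit, val in match['type'].items() %} {{ crit }} {{ val }}{% endfor %}`. Because sshd applies the first value it sees for a keyword across all matching blocks, the order in which `sshd_config['matches'].values()` yields the blocks matters when a connection matches more than one; whether that order is stable depends on the Python version the minion runs, so a comment stating that blocks are emitted in pillar dict order (not guaranteed on Python 2) would help, and "bottem" in the added comment should read "bottom".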