Displaying 20 results from an estimated 138 matches for "allowusers".

2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a Solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop trying to code.. <sigh> For everyone else.. Will this make everyone happy? This does the following. It will always honor AllowUsers. If there is no Allow/DenyGroups it stated they are not in AllowUsers. If there are AllowDenyGroups it tries them. And then stated they are not in either AllowUsers nor AllowGroups since PermitRootLogin is not handled in auth.c:allowed_users() I will not try to add that logic. I still believe...
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
..., allowed from other places. DenyUsers root@192.168.88.* Result: GOOD. root access denied from 192.168.88.0/24, allowed from other places. DenyUsers root@!192.168.88.44 Result: BAD. root can login from 192.168.88.40, or anywhere else So it seems the negation does not work. Continued tests: AllowUsers root@192.168.88.* Result: GOOD. root can login only from 192.168.88.0/24. AllowUsers root@!192.168.88.44 Result: BAD. root cannot login from anywhere. In fact, no one can. AllowUsers root@!192.168.88.* Result: BAD. root cannot login from anywhere. In fact, no one can. AllowUsers root@192...
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690 Summary: AllowUsers and DenyGroups directives are not parsed in the order specified Product: Portable OpenSSH Version: 5.3p1 Platform: ix86 OS/Version: Linux Status: NEW Keywords: patch Severity: trivial Priority: P2...
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi, I hope this is the right place for a feature request. I'd like to have more flexible AllowUsers/DenyUsers syntax. I am in a situation, where I have machines connected to three networks (a private, high speed, a public, and a private vpn) and I'd like to enable root logins only on the private networks. Currently I see no way of doing this, because there is no way to specify a class...
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello, I've trawled archives looking for changes in the "AllowUsers" option, manuals, changes log, reported bugs and to my surprise I can't find anything or anyone that has reported the issues that I am experiencing. I am using the default installation sshd_config file as supplied by Redhat and the only options I have changed are: ListenAddress AllowUsers...
2014 Jun 26
1
sshd_config AllowUsers syntax wrong in documentation
It seems the syntax for AllowUsers in sshd_config is not the same that is given in man sshd_config and in several documentation on the web. (http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config) e.g. AllowUsers root does work. AllowUsers root username does not work. If I try to login as root I get "User root from <...
2004 Oct 11
1
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Hi list! I have some machines running openssh 3.9p1. AllowUsers is set to my users, that are allowed to login. If I set PermitRoot without-password, but do not include root in AllowUsers, root is not able to login with pubkey. I do not want to set root in AllowUsers, since the without-password option should check this already, I think... So I made a small patc...
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
...gest you add a separate section to provide a summary of common access control methods. ACCESS CONTROL In sshd, the access controls are placed in the configuration file. The following example is a starting point for a simple access policy: PermitRootLogin no DenyUsers @* DenyGroups root AllowUsers user@10.1.1.* # Local network AllowUsers user@1.2.3.4 # External site 1 AllowUsers user@76.209.1.162 # External site 2 Match group ssh-users AllowUsers * The PermitRootLogin directive prevents ne'er-do-wells from brute-force attacking your root password. The D...
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
...info/?l=openssh-unix-dev&m=132311628508429&w=2 Like him, I'm using 5.3p1 as packaged in CentOS 6.3. Secondly the Allow/Deny logic is downright tortured. I looked back and again didn't come across any good discussion as to why it was written that way. It should not be necessary for AllowUsers to be the superset of AllowGroups. As Spock would say "it is illogical." If you had to write PF rules like that you'd go crazy. That's why most people use first-match logic. Per the manpage, if the logic is DenyUsers > AllowUsers > DenyGroups > AllowGroups, then there ha...
2001 Jun 13
2
user@host in AllowUsers
...opment account (and easy sudo). I don't want this account exposed on the internet side of the firewall, so I created a doorstep account with no perms and really long passwords to get anywhere useful. I looked through the SSH book and it gave me the impression that I could set up these rules: AllowUsers wiz@*.myhouse.nat AllowUsers doorstep@* But when I tested it was clear that OpenSSH 2.9 doesn't support this syntax. Then I searched this list and I found a post from June 4 by Andrew Tridgell supplying a patch to provide exactly this functionality. Actually I initially thought there might...
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi, I've just been adding a few extra hosts to my sshd_config's AllowUsers, and it's got a bit unwieldy. As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the *only* way to specify multiple AllowUsers patterns is on a single line, separated by spaces. With more than 6 or 7 patterns it starts wrapping on to multiple lines and gets hard to r...
2011 May 20
0
Possible error in coding of AllowUsers / AllowGroups in ssh 5.8p2
...I wanted to use the AllowGroups facility to allow users in by group instead of listing individual usernames but also allow root only from a single central host. Setup actions: targetusername on target host has a secondary group entry of "staff". Updated sshd_config to add the lines: AllowUsers root@nimsrvr AllowGroups staff targetusername is NOT listed in AllowUsers Stopped and started sshd Attempted to ssh from another host as "ssh targetusername@targethost date" I always get the syslog message "user X from Y not allowed because not listed in AllowUsers. Th...
2003 Feb 10
0
Possible Allow* bug?
Hey, After discussing the limit of MAX_ALLOW_USERS I've been trying to use AllowGroups instead. In the config file I have the AllowUsers lines before the AllowGroups lines (I have tried both ways) and it appears that the presence of the AllowGroups directives seems to blow away any Allow* directives I have set. I'm not sure how to check further for bugs so I figured I'd contact you guys. When I simply comment out the Al...
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I have missed the functionality after moving to OpenSSH so I have updated the patch and hope OpenSSH might accept it. The patch allows sshd_config to have lines like: AllowUsers root@localhost AllowUsers tridge@* AllowUsers guest@192.168.2.* DenyUsers badguy@* etc. I found this useful for restricting users to only login from hostnames that they pre-arranged with me. Patch is against current cvs. Cheers, Tridge Index: auth.c =====================================...
2015 Apr 17
0
[Bug 2384] New: AllowUsers doesn't allow users sssd domain users with @ in
https://bugzilla.mindrot.org/show_bug.cgi?id=2384 Bug ID: 2384 Summary: AllowUsers doesn't allow users sssd domain users with @ in Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd...
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised to find that one cannot be used to override the other. For example: AllowGroups administrators AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create...
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to restrict access such that only specific remote machines could access specific local accounts. I swiftly discovered that a) specifying wildcarded IP numbers to try to allow a useful IP range was pointless:...
2010 Feb 01
1
case sensitivity, "Match User" and "AllowUsers"
...logging in as "usEr" is exactly the same as logging in with "USer" as well as the other fourteen possible combinations for a four-letter username. Further, only the all-lowercase version invokes "start.sh." I thought I might be able to solve this with the following. AllowUsers user I thought this would force sshd to only let one case combination through. However, all case combinations can still log in and "start.sh" is not getting executed. In other words, there is a discrepancy between "Match User" and "AllowUsers" in this regard. Does...
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
...l OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: jjelen at redhat.com Our customer got into problems using AllowGroup in combination with AllowUsers, because documentation in this part is little bit unclear. Original problem is that when you use AllowUsers in combination with AllowGroups, only users who are specified in AllowUsers AND some of their group is in AllowGroups can login. Minimal test case: /etc/ssh/sshd_config >AllowUsers user...