Displaying 20 results from an estimated 138 matches for "allowus".
Did you mean:
allows
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
since PErmitRootLogin is not handled in auth.c:allowed_users() I will not
try to add that logic. I still belie...
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
..., allowed from other
places.
DenyUsers root at 192.168.88.*
Result: GOOD. root access denied from 192.168.88.0/24, allowed from other
places.
DenyUsers root@!192.168.88.44
Result: BAD. root can login from 192.168.88.40, or anywhere else
So it seems the negation does not work.
Continued tests:
AllowUsers root at 192.168.88.*
Result: GOOD. root can login only from 192.168.88.0/24.
AllowUsers root@!192.168.88.44
Result: BAD. root cannot login from anywhere. In fact, no one can.
AllowUsers root@!192.168.88.*
Result: BAD. root cannot login from anywhere. In fact, no one can.
AllowUsers root at...
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority:...
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers synax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a cla...
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello,
I've trawled archives looking for changes in the "AllowUsers" option,
manuals, changes log, reported bugs and to my surprise I can't find anything
or anyone that has reported the issues that I am experiencing.
I am using the default installation sshd_config file as supplied by Redhat
and the only options I have changed are:
ListenAddress
AllowUs...
2014 Jun 26
1
sshd_config AllowUsers syntax wrong in documentation
It seems the syntax for AllowUsers in sshd_config is not the same that is
given in man sshd_config and in several documentation on the web.
(http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config)
e.g.
AllowUsers root
does work.
AllowUsers root username
does not work.
If I try to login as root I get "User root from...
2004 Oct 11
1
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Hi list!
I have some machines running openssh 3.9p1.
AllowUsers is set to my users, that are allowed to login.
If I set PermitRoot without-password, but do not include root in AllowUsers,
root is not able to login with pubkey. I do not want to set root in
AllowUsers, since the without-password option should check this allready, I
think... So I made a small p...
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
...gest you add a separate section to
provide a summary of common access control methods.
ACCESS CONTROL
In sshd, the access controls are placed in the configuration file. The
following example is a starting point for a simple access policy:
PermitRootLogin no
DenyUsers @*
DenyGroups root
AllowUsers user at 10.1.1.* # Local network
AllowUsers user at 1.2.3.4 # External site 1
AllowUsers user at 76.209.1.162 # External site 2
Match group ssh-users
AllowUsers *
The PermitRootLogin directive prevents ne'er-do-wells from brute-force
attacking your root password. Th...
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
...info/?l=openssh-unix-dev&m=132311628508429&w=2
Like him, I'm using 5.3p1 as packaged in CentOS 6.3.
Secondly the Allow/Deny logic is downright tortured. I looked back and
again didn't come across any good discussion as to why it was written that
way. It should not be necessary for AllowUsers to be the superset of
AllowGroups. As Spock would say "it is illogical." If you had to write PF
rules like that you'd go crazy. That's why most people use first-match
logic.
Per the manpage, if the logic is DenyUsers > AllowUsers > DenyGroups >
AllowGroups, then there...
2001 Jun 13
2
user@host in AllowUsers
...opment account (and easy sudo). I don't want
this account exposed on the internet side of the firewall, so I created a
doorstep account with no perms and really long passwords to get anywhere
useful.
I looked through the SSH book and it gave me the impression that I could set
up these rules:
AllowUsers wiz@*.myhouse.nat
AllowUsers doorstep@*
But when I tested it was clear that OpenSSH 2.9 doesn't support this syntax.
Then I searched this list and I found a post from June 4 by Andrew Tridgell
supplying a patch to provide exactly this functionality.
Actually I initially thought there mig...
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi,
I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.
As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard t...
2011 May 20
0
Possible error in coding of AllowUsers / AllowGroups in ssh 5.8p2
...I wanted to use the AllowGroups facility to allow users in by group instead of listing individual usernames but also allow root only from a single central host.
Setup actions:
targetusername on target host has a secondary group entry of "staff".
Updated sshd_config to add the lines:
AllowUsers root at nimsrvr
AllowGroups staff
targertusername is NOT listed in AllowUsers
Stopped and started sshd
Attempted to ssh from another host as "ssh targetusername at targethost date"
I always get the syslog message "user X from Y not allowed because not listed in AllowUsers....
2003 Feb 10
0
Possible Allow* bug?
Hey,
After discussing the limit of MAX_ALLOW_USERS I've been trying to use
AllowGroups instead. In the config file I have the AllowUsers lines
before the AllowGroups lines (I have tried both ways) and it appears
that the presence on the AllowGroups directives seems to blow away any
Allow* directives I have set. I'm not sure how to check further for bugs
so I figured I'd contact you guys.
When I simply comment out the...
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login from hostnames
that they pre-arranged with me.
Patch is against current cvs.
Cheers, Tridge
Index: auth.c
==================================...
2015 Apr 17
0
[Bug 2384] New: AllowUsers doesn't allow users sssd domain users with @ in
https://bugzilla.mindrot.org/show_bug.cgi?id=2384
Bug ID: 2384
Summary: AllowUsers doesn't allow users sssd domain users with
@ in
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd...
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to cre...
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointle...
2010 Feb 01
1
case sensitivity, "Match User" and "AllowUsers"
...logging in as "usEr" is exactly the same as logging in with "USer" as well as the other fourteen possible combinations for a four-letter username. ?Further, only the all-lowercase version invokes "start.sh." I thought I might be able to solve this with the following.
AllowUsers user
I thought this would force sshd to only let one case combination through. ?However, all case combinations can still log in and "start.sh" is not getting executed. ?In other words, there is a discrepancy between "Match User" and "AllowUsers" in this regard. D...
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
...l
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Our customer got into problems using AllowGroup in combination with
AllowUsers, because documentation in this part is little bit unclear.
Original problem is that when you use AllowUsers in combination with
AllowGroups, only users who are specified in AllowUsers AND some of
their group is in AllowGroups can login.
Minimal test case:
/etc/ssh/sshd_config
>AllowUsers us...