search for: denyus

Displaying 20 results from an estimated 82 matches for "denyus".

Did you mean: denys
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James
2008 Dec 18
1
[Bug 1546] New: sshd_config DenyUsers does not recognize negated host properly
https://bugzilla.mindrot.org/show_bug.cgi?id=1546 Summary: sshd_config DenyUsers does not recognize negated host properly Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P4 Component: sshd AssignedTo: unassi...
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
...of user access control. Essentially, regular users should be able to login from any network, while root should be able to login only from a private network 192.168.88.0/22. Actually, for the purpose of sshd_config, this is four networks, but that's another story... Here is what I tried: DenyUsers root@!192.168.88.* Result: root can login from anywhere while I expected it to be allowed only from 192.168.88.0/24 So I ran a number of tests to see which will work correctly. DenyUsers root at 192.168.88.40 # I used this client Result: GOOD. root access denied from 192.168.88.40, allowed f...
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi, I hope this is the right place for a feature request. I'd like to have more flexible AllowUsers/DenyUsers synax. I am in a situation, where I have machines connected to three networks (a private, high speed, a public, and a private vpn) and I'd like to enable root logins only on the private networks. Currently I see no way of doing this, because there is no way to specify a class that...
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
...In the sshd_config man page, I suggest you add a separate section to provide a summary of common access control methods. ACCESS CONTROL In sshd, the access controls are placed in the configuration file. The following example is a starting point for a simple access policy: PermitRootLogin no DenyUsers @* DenyGroups root AllowUsers user at 10.1.1.* # Local network AllowUsers user at 1.2.3.4 # External site 1 AllowUsers user at 76.209.1.162 # External site 2 Match group ssh-users AllowUsers * The PermitRootLogin directive prevents ne'er-do-wells from brute-for...
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancemen...
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello, I have attached a small patch that enables OpenSSH 4.7p1 to use netgroups for users and hosts entries in the AllowUsers and DenyUsers configuration options in sshd_config. This has the following advantages: * hostnames or ip addresses don't have to be maintained in sshd_config, but you can use meaningful names for groups of users and groups of hosts. * large scale installations can manage user groups and host groups in...
2009 Sep 02
8
[Bug 1646] New: Match directive does not override default settings
...y: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: alves at montecristogames.com --- Comment #0 from David Alves <alves at montecristogames.com> 2009-09-03 01:55:19 EST --- Hello, I found this strange behaviour When setting a user in the DenyUsers directive and then Matching it on a Match directive it does not work. I read the man 5 sshd-config : "If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another Match line or...
2016 Dec 16
3
Call for testing: OpenSSH 7.4
...ng > bungle on Void's part. Don't know about this one. Might install a VM to look at this if I get a chance. > On Debian testing: discovered a small-but-significant problem in auth.c's > allowed_user() function. Commit 010359b3 expanded the body of the loop that > checks DenyUsers entries, but didn't add the necessary braces around it, so > it didn't exactly have the intended effect, instead resulting in only the > last entry in DenyUsers actually being enforced. (Credit to gcc's > -Wmisleading-indentation warning here.) Nice find! Fixed. > The...
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
...er "joe" belonging to group "joe" will be denied access based on his group. However, the sshd_config man page states that AllowUsers should be processed before DenyGroups, thereby allowing joe to log in: "... The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups." To reproduce: 1) Create a user 'test' and give him a password. 2) Add these lines in sshd_config: AllowUsers test DenyGroups test 3) Restart sshd. 4) Attempt to SSH in as user 'test'. 5) Check /var/log/auth.log. The att...
2008 Dec 16
2
Request change to file match.c, function match_pattern_list
...l : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20081216/fe35d5b5/attachment.bin -------------- next part -------------- Justification ------------- On a system running Red Hat Enterprise Linux 4, I wanted to use a configuration of the following form in sshd_config: DenyUsers oracle@!localhost.localdomain that would prevent user ``oracle'' from logging into the host from any host except the host itself (localhost). Rephrased, I want to allow logins to user ``oracle'' only by users who already are logged into the same host that has user ``oracl...
2001 Jun 04
0
[patch] user@host in AllowUsers
...a patch I contributed to ssh 1.2.23 in May 1998. I have missed the functionality after moving to OpenSSH so I have updated the patch and hope OpenSSH might accept it. The patch allows sshd_config to have lines like: AllowUsers root at localhost AllowUsers tridge@* AllowUsers guest at 192.168.2.* DenyUsers badguy@* etc. I found this useful for restricting users to only login from hostnames that they pre-arranged with me. Patch is against current cvs. Cheers, Tridge Index: auth.c =================================================================== RCS file: /cvs/openssh_cvs/auth.c,v retrieving...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different
2001 Jun 18
2
Patch for changing expired passwords
...9;) ? _PATH_BSHELL : pw->pw_shell; /* deny if shell does not exists or is not executable */ ! if (stat(shell, &st) != 0) return 0; ! if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0; /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { for (i = 0; i < options.num_deny_users; i++) ! if (match_pattern(pw->pw_name, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users &g...
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
...ed by spaces. With more than 6 or 7 patterns it starts wrapping on to multiple lines and gets hard to read, especially as the sshd_config file does not support backslash newline continuation. Searching the mailing list archives for AllowUsers, I came across a message which implies that multiple DenyUsers (which I assume works the same as AllowUsers) lines are permitted[0], and that they are equivalent to a single concatenated DenyUsers line. Further, using multiple AllowUsers directives appears to work. But I can find no mention of this behaviour in the man pages. So, is this guaranteed beh...
2003 Feb 05
2
MAX_ALLOW_USERS
Hey everyone, I have been using sftp for quite some time now and we have just hit 256 sftp users. Line 21 of servconf.h reads: #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ I am curious why this is in a header file and not something that is in sshd_config that can be changed without recompile? Thanks in advance! -- James Dennis Harvard Law School "Not
2003 Aug 18
0
PATCH: Auth selection
Hello all, on website http://sweb.cz/v_t_m/ the Auth selection patch is available. This patch allows to specify AllowUsers, DenyUsers for individual authentications (hostbased, publickey, password, keyboard-interactive, kerberos, kerberos_or_local, gss, securid-1 at ssh.com). By this you can define authentication methods for each user. All configuration options are mentioned in file sshd_config. Their usage is the same like...
2004 Aug 09
1
Question about AllowUsers and AllowGroups
...s AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create another group just for ssh, something like ssh-admins. This other excerpt works as expected, at least for me: AllowGroups administrators DenyUsers johnadmin If johnadmin is part of the administrators group, he is still denied access. This all with openssh-3.8.1p1 on Linux.
2006 Nov 09
1
sshd_config question.
I want to allow a single host root access via ssh. If the order of processing DenyUsers, AllowUsers were reversed this cold be done in a straight forward manner. My question, is would adding an Apache-like derective Order Deny,Allow violate any standards or be a security problem? _____ Douglas Denault http://www.safeport.com doug at safeport.com
2010 Nov 08
1
openssh question
The denyUsers / AllowUsers option in openSSH does not satisfy our needs. We want to supply our own software to allow/deny sessions based on time of day. I do not know if PAM can do this, but in any case we can not use PAM. ? Did someone do such a change in openSSH code