Displaying 20 results from an estimated 82 matches for "denyuser".
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a Solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2008 Dec 18
1
[Bug 1546] New: sshd_config DenyUsers does not recognize negated host properly
https://bugzilla.mindrot.org/show_bug.cgi?id=1546
Summary: sshd_config DenyUsers does not recognize negated host
properly
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: sshd
AssignedTo: unassign...
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
...of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
DenyUsers root@!192.168.88.*
Result: root can login from anywhere while I expected it to be allowed
only from 192.168.88.0/24
So I ran a number of tests to see which will work correctly.
DenyUsers root@192.168.88.40 # I used this client
Result: GOOD. root access denied from 192.168.88.40, allowed fro...
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers syntax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a class
that do...
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
...In the sshd_config man page, I suggest you add a separate section to
provide a summary of common access control methods.
ACCESS CONTROL
In sshd, the access controls are placed in the configuration file. The
following example is a starting point for a simple access policy:
PermitRootLogin no
DenyUsers @*
DenyGroups root
AllowUsers user@10.1.1.* # Local network
AllowUsers user@1.2.3.4 # External site 1
AllowUsers user@76.209.1.162 # External site 2
Match group ssh-users
AllowUsers *
The PermitRootLogin directive prevents ne'er-do-wells from brute-force...
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement...
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello,
I have attached a small patch that enables OpenSSH 4.7p1 to use
netgroups for users and hosts entries in the AllowUsers and DenyUsers
configuration options in sshd_config.
This has the following advantages:
* hostnames or ip addresses don't have to be maintained in sshd_config,
but you can use meaningful names for groups of users and groups of
hosts.
* large scale installations can manage user groups and host groups in a...
2009 Sep 02
8
[Bug 1646] New: Match directive does not override default settings
...y: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: alves at montecristogames.com
--- Comment #0 from David Alves <alves at montecristogames.com> 2009-09-03 01:55:19 EST ---
Hello,
I found this strange behaviour
When setting a user in the DenyUsers directive and then Matching it on
a Match directive it does not work. I read the man 5 sshd-config :
"If all of the criteria on the Match line are satisfied, the keywords
on the following lines override those set in the global section of the
config file, until either another Match line or th...
2016 Dec 16
3
Call for testing: OpenSSH 7.4
...ng
> bungle on Void's part.
Don't know about this one. Might install a VM to look at this if I
get a chance.
> On Debian testing: discovered a small-but-significant problem in auth.c's
> allowed_user() function. Commit 010359b3 expanded the body of the loop that
> checks DenyUsers entries, but didn't add the necessary braces around it, so
> it didn't exactly have the intended effect, instead resulting in only the
> last entry in DenyUsers actually being enforced. (Credit to gcc's
> -Wmisleading-indentation warning here.)
Nice find! Fixed.
> The a...
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
...er "joe" belonging to group "joe" will be denied access based on
his group. However, the sshd_config man page states that AllowUsers
should be processed before DenyGroups, thereby allowing joe to log in:
"... The allow/deny directives are processed in the following order:
DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups."
To reproduce:
1) Create a user 'test' and give him a password.
2) Add these lines in sshd_config:
AllowUsers test
DenyGroups test
3) Restart sshd.
4) Attempt to SSH in as user 'test'.
5) Check /var/log/auth.log. The attem...
2008 Dec 16
2
Request change to file match.c, function match_pattern_list
...l : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20081216/fe35d5b5/attachment.bin
-------------- next part --------------
Justification
-------------
On a system running Red Hat Enterprise Linux 4, I wanted to use a
configuration of the following form in sshd_config:
DenyUsers oracle@!localhost.localdomain
that would prevent user ``oracle'' from logging into the host from any
host except the host itself (localhost). Rephrased, I want to allow
logins to user ``oracle'' only by users who already are logged into
the same host that has user ``oracle&...
2001 Jun 04
0
[patch] user@host in AllowUsers
...a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root@localhost
AllowUsers tridge@*
AllowUsers guest@192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login from hostnames
that they pre-arranged with me.
Patch is against current cvs.
Cheers, Tridge
Index: auth.c
===================================================================
RCS file: /cvs/openssh_cvs/auth.c,v
retrieving r...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributor to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different
2001 Jun 18
2
Patch for changing expired passwords
...9;) ? _PATH_BSHELL : pw->pw_shell;
/* deny if shell does not exists or is not executable */
! if (stat(shell, &st) != 0)
return 0;
! if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
! if (match_pattern(pw->pw_name, options.deny_users[i]))
return 0;
}
/* Return false if AllowUsers isn't empty and user isn't listed there */
if (options.num_allow_users >...
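Review bot: On the changed line that tests the shell's mode, (st.st_mode & S_IFREG) is a bit test rather than a file-type test, so it is also true for other file types whose type code contains that bit (sockets, on common platforms); S_ISREG(st.st_mode) compares the whole type field and would reject those. In the DenyUsers loop below it, the for statement has no braces around its nested if, so any statement later added to the loop body would fall outside the loop; bracing the body now would avoid that.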
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
...ed by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially as the sshd_config file does
not support backslash newline continuation.
Searching the mailing list archives for AllowUsers, I came across a message
which implies that multiple DenyUsers (which I assume works the same as
AllowUsers) lines are permitted[0], and that they are equivalent to a single
concatenated DenyUsers line. Further, using multiple AllowUsers directives
appears to work.
But I can find no mention of this behaviour in the man pages.
So, is this guaranteed behav...
2003 Feb 05
2
MAX_ALLOW_USERS
Hey everyone,
I have been using sftp for quite some time now and we have just hit 256
sftp users. Line 21 of servconf.h reads:
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
I am curious why this is in a header file and not something that is in
sshd_config that can be changed without recompile?
Thanks in advance!
--
James Dennis
Harvard Law School
"Not
2003 Aug 18
0
PATCH: Auth selection
Hello all,
on website http://sweb.cz/v_t_m/ the Auth selection patch is available.
This patch allows specifying AllowUsers, DenyUsers for individual
authentications (hostbased, publickey, password, keyboard-interactive,
kerberos, kerberos_or_local, gss, securid-1@ssh.com).
By this you can define authentication methods for each user.
All configuration options are mentioned in file sshd_config. Their usage is the same like w...
2004 Aug 09
1
Question about AllowUsers and AllowGroups
...s
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other excerpt works as expected, at least for me:
AllowGroups administrators
DenyUsers johnadmin
If johnadmin is part of the administrators group, he is still denied access.
This all with openssh-3.8.1p1 on Linux.
2006 Nov 09
1
sshd_config question.
I want to allow a single host root access via ssh. If the order of processing
DenyUsers, AllowUsers were reversed this could be done in a straightforward
manner.
My question is, would adding an Apache-like directive Order Deny,Allow violate
any standards or be a security problem?
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
2010 Nov 08
1
openssh question
The denyUsers / AllowUsers option in openSSH does not satisfy our needs.
We want to supply our own software to allow/deny sessions based on time
of day.
I do not know if PAM can do this, but in any case we can not use PAM.
Did someone do such a change in openSSH code