similar to: [Bug 999] AllowGroups ,DenyGroups failed to report hostname

https://bugzilla.mindrot.org/show_bug.cgi?id=1690 Summary: AllowUsers and DenyGroups directives are not parsed in the order specified Product: Portable OpenSSH Version: 5.3p1 Platform: ix86 OS/Version: Linux Status: NEW Keywords: patch Severity: trivial Priority: P2 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW

Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James

Markus, ignore the other stuff I sent.. I need to go back to bed and stop trying to code.. <sigh> For everone else.. Will this make everyone happy? This does the follow. it will always honor AllowUsers. If there is no Allow/DenyGroups it stated they are not in allowUsers. IF there are AllowDenyGroups it tries them. And then stated they are not in either AllowUsers nor AllowGroups

http://bugzilla.mindrot.org/show_bug.cgi?id=1298 Summary: Use of Allow/DenyGroups leads to slow login Product: Portable OpenSSH Version: -current Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=1087 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Portable OpenSSH | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

https://bugzilla.mindrot.org/show_bug.cgi?id=2391 Bug ID: 2391 Summary: Enhance AllowGroups documentation in man page Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:

I smacked into this previously reported bug today whereby an invalid keyword in the Match{} stanza did not throw an error on configuration reload. Are there any plans to fix this? Likewise the penchant for some fields to be comma separated and others to be spaces is just asking for mistakes. Why not support both and be done with it? There was no response (that I saw in the archives) to this post

Hi, After extensively looking into puppet + augeas for managing the AllowGroups in sshd_config, I came to the conclusion that it won''t work as I expected :( So I''m sharing my thoughts here. The main objective is allowing multiple groups per-node, depending on what the security team wants. Since I want this to be dynamic, I created a define in a class: class ssh::server::config

While testing some AllowUsers and AllowGroups combinations I was surprised to find that one cannot be used to override the other. For example: AllowGroups administrators AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create another group just for ssh, something like ssh-admins. This other

Hi, I ran across a case in which my server maintenance was simplified by using SSHD configuration options like this in sshd_config: AllowGroups admin at 192.168.0.* sshuser in much the same fashion as (Allow|Deny)Users. In this case, the goal is to provide access to administrators only from the local network, while allowing SSH users to login from anywhere. This (IMHO) simplifies access

Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of

http://bugzilla.mindrot.org/show_bug.cgi?id=1315 Summary: Match Group does not support negation Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: wknox at

http://bugzilla.mindrot.org/show_bug.cgi?id=1030 Summary: sshd writes twice to wtmp when "UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=1032 Summary: PrintLastLog is not working with UseLogin yes Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hello all, I have made SecurID authentication for OpenSSH 3.6.1p2. This patch was totaly rewritten, so please test it before use. Kbd-int authentication is now integrated into challenge response auth. Privsep is now fully suported. PS: What do you think of selective access to the individual authentications, similar to AllowGroups/DenyGroups or maybe AllowUsers/DenyUsers ? Vaclav Tomec