Displaying 20 results from an estimated 2000 matches similar to: "[Bug 1546] New: sshd_config DenyUsers does not recognize negated host properly"
2008 Dec 16
2
Request change to file match.c, function match_pattern_list
Greetings,
This request is in the grey area between a bug report and an
enhancement request.
Request
-------
Please apply the following diff (or something functionally similar) to
file ``match.c'' in OpenSSH-5.1p1:
161a162,164
> } else {
> if (negated)
> got_positive = 1; /* Negative match, negated = Positive */
In case the lines above wrapped in the email
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers synax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
2019 Feb 22
2
[PATCH 2/2] Cygwin: implement case-insensitive Unicode user and group name matching
On Feb 22 16:02, Darren Tucker wrote:
> On Fri, Feb 22, 2019 at 03:32:43PM +1100, Darren Tucker wrote:
> > On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote:
> > > The previous revert enabled case-insensitive user names again. This
> > > patch implements the case-insensitive user and group name matching.
> > > To allow Unicode
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2016 Apr 15
2
ssh-keygen -R is case-sensitive, but should not be
Here is a better patch. Somehow I pasted an older version of my edits:
-------------------------------------------------------
% diff ./match.c /home/millerig/osrc/openssh-7.2p2/match.c
121a122
> char *low_string = 0;
156,159c157,168
< if (match_pattern(string, sub)) {
< if (negated)
< return -1; /* Negative */
< else
---
> if (dolower) {
> u_int j;
>
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there,
I have just compiled openssh-5.0 on Solaris 10, and am trying to set up
a certain pattern of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
2009 Sep 02
8
[Bug 1646] New: Match directive does not override default settings
https://bugzilla.mindrot.org/show_bug.cgi?id=1646
Summary: Match directive does not override default settings
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello,
I have attached a small patch that enables OpenSSH 4.7p1 to use
netgroups for users and hosts entries in the AllowUsers and DenyUsers
configuration options in sshd_config.
This has the following advantages:
* hostnames or ip addresses don't have to be maintained in sshd_config,
but you can use meaningful names for groups of users and groups of
hosts.
* large scale installations can
2006 Nov 09
1
sshd_config question.
I want to allow a single host root access via ssh. If the order of processing
DenyUsers, AllowUsers were reversed this cold be done in a straight forward
manner.
My question, is would adding an Apache-like derective Order Deny,Allow violate
any standards or be a security problem?
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
2019 Feb 20
3
[PATCH 0/2] Cygwin: allow user and group case-insensitive Unicode strings
Windows usernames are case-insensitive and almost any Unicode character
is allowed in a username. The user should be able to login with her
username given in any case and not be refused. However, this opens up
a security problem in terms of the sshd_config Match rules. The match
rules for user and group names have to operate case-insensitive as well,
otherwise the user can override her settings
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi,
I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.
As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially
2023 Mar 02
2
Multiple AllowGroup lines in sshd_config?
Hi!
I'm experimenting with migrating the custom sshd_config settings for our
(Debian bullseye, openssh-server 8.4) server environment into fragments
under sshd_config.d/, and am wondering about sshd's behaviour when
encountering multiple AllowGroup lines.
The manual states "For each keyword, the first obtained value will be
used.", so that gives me the impression that any
2016 Dec 16
3
Call for testing: OpenSSH 7.4
On Thu, Dec 15, 2016 at 4:22 PM, Zev Weiss <zev at bewilderbeest.net> wrote:
[...]
> I tested (or tried) git commit b737e4d7 on three systems, with somewhat
> mixed results.
Thanks for the comprehensive testing!
> On Mac OSX (macOS?) 10.9, configure failed with:
>
> ...
> checking OpenSSL header version... 1000208f (OpenSSL 1.0.2h 3 May 2016)
> checking
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2019 Feb 22
3
[PATCH 2/2] Cygwin: implement case-insensitive Unicode user and group name matching
On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote:
> The previous revert enabled case-insensitive user names again. This
> patch implements the case-insensitive user and group name matching.
> To allow Unicode chars, implement the matcher using wchar_t chars in
> Cygwin-specific code. Keep the generic code changes as small as possible.
> Cygwin:
2011 Jul 05
4
[Bug 1918] New: match_pattern_list fails for negated failure
https://bugzilla.mindrot.org/show_bug.cgi?id=1918
Bug #: 1918
Summary: match_pattern_list fails for negated failure
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2002 Dec 04
2
Suggestion: rsync and direct IO
We have some cases when copying indexes that we'd like rsync to avoid
the system cache when copying a chunk of data from some other machine.
I am probably going to modify our own copy of rsync to do this, but if
we could write directly to the disk using direct-io (or from for that
matter) we could avoid polluting the operating system's buffer cache
before we're ready to use the new
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other