Displaying 20 results from an estimated 1000 matches similar to: "[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified"
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello,
I've trawled archives looking for changes in the "AllowUsers" option,
manuals, changes log, reported bugs and to my surprise I can't find anything
or anyone that has reported the issues that I am experiencing.
I am using the default installation sshd_config file as supplied by Redhat
and the only options I have changed are:
ListenAddress
AllowUsers
The first problem
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2005 Mar 14
6
[Bug 999] AllowGroups ,DenyGroups failed to report hostname
http://bugzilla.mindrot.org/show_bug.cgi?id=999
Summary: AllowGroups ,DenyGroups failed to report hostname
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2014 Jun 26
1
sshd_config AllowUsers syntax wrong in documentation
It seems the syntax for AllowUsers in sshd_config is not the same that is
given in man sshd_config and in several documentation on the web.
(http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config)
e.g.
AllowUsers root
does work.
AllowUsers root username
does not work.
If I try to login as root I get "User root from <hostname> not allowed
because not listed in AllowUsers".
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2010 Dec 10
1
Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello!
We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH).
Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type:
???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */
???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */
???#define
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
https://bugzilla.mindrot.org/show_bug.cgi?id=2391
Bug ID: 2391
Summary: Enhance AllowGroups documentation in man page
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee:
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello,
I have attached a small patch that enables OpenSSH 4.7p1 to use
netgroups for users and hosts entries in the AllowUsers and DenyUsers
configuration options in sshd_config.
This has the following advantages:
* hostnames or ip addresses don't have to be maintained in sshd_config,
but you can use meaningful names for groups of users and groups of
hosts.
* large scale installations can
2001 Jun 13
2
user@host in AllowUsers
I have a number of development machines behind my OpenBSD firewall which all
provide a very permissive development account (and easy sudo). I don't want
this account exposed on the internet side of the firewall, so I created a
doorstep account with no perms and really long passwords to get anywhere
useful.
I looked through the SSH book and it gave me the impression that I could set
up these
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there,
I have just compiled openssh-5.0 on Solaris 10, and am trying to set up
a certain pattern of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
2003 Jun 10
2
SecurID authentication for 3.6.1p2 with privsep
Hello all,
I have made SecurID authentication for OpenSSH 3.6.1p2.
This patch was totaly rewritten, so please test it before use.
Kbd-int authentication is now integrated into challenge response
auth.
Privsep is now fully suported.
PS: What do you think of selective access to the individual
authentications, similar to AllowGroups/DenyGroups or maybe
AllowUsers/DenyUsers ?
Vaclav Tomec
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers synax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointless: if I specified
AllowUsers joe at