Displaying 20 results from an estimated 1000 matches similar to: "AllowUsers - proposal for useful variations on the theme"
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
I added a few features to openssh for my local use that I think would
be more broadly useful. I basically added access control lists to
control who would be allowed public key authentication. I added four
config file entries for the server:
PubkeyAllowUsers
PubkeyDenyUsers
PubkeyAllowGroups
PubkeyDenyGroups
These follow the same sematics as the already existing entries for
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
Hello,
whereas most people take passwd/shadow/ldap/<whatever> as the place where
decision on a chrooted environment / sandbox for certain users is met (just
set the given usershell appropriateley), I needed a somewhat different
approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config
by two options and, when set, places all users / users of a certain group
immediately in
2003 Feb 10
0
Possible Allow* bug?
Hey,
After discussing the limit of MAX_ALLOW_USERS I've been trying to use
AllowGroups instead. In the config file I have the AllowUsers lines
before the AllowGroups lines (I have tried both ways) and it appears
that the presence on the AllowGroups directives seems to blow away any
Allow* directives I have set. I'm not sure how to check further for bugs
so I figured I'd contact
2001 Mar 02
0
Patch for system-wide default environment
We recently switched to OpenSSH from ssh 1.2.x and
I quickly noticed that /etc/environment processing has gone AWOL.
This patch adds a new sshd_config variable:
SysEnvFile
Specifies a file containing the system-wide default environment
in ``VARNAME=value'' format (default is none.) The contents of a
user's $HOME/.ssh/environment file, if
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2000 Aug 29
0
AllowUsers and AllogGroups problem...
I just downloaded newest snapshot and noticed that problem is still
present. I am not sure why I didn't get any reply about my previous
message, probably it wasn't too clear so I try now again. And I noticed
one problem with previous patch so here is fixed and far more tested
version of patch.
So problem is hopefully best described by this way...
When admin wants to allow invidual user
2010 Dec 10
0
Fwd: Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello!
> Hello!
>
> We have the server with RHEL 5.5 (64-bit) and need to connect many
parallel users over ssh (OpenSSH).
> Usually we use openssh-4.4p1, builded from the sources with changed
"servconf.h" file by this type:
> #define MAX_ALLOW_USERS 10000 /* Max # users on
allow list. */
> #define MAX_DENY_USERS
2010 Dec 10
1
Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello!
We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH).
Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type:
???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */
???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */
???#define
2003 Jun 11
2
[PATCH] Fix typos, OpenBSD + Portable
Hi.
Whenever I notice a typo someplace, I fix it in a local "typo tree".
Attached is 2 patches from that tree, one against OpenBSD and the other
against Portable.
Is it worth fixing these?
-Daz.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello,
I've trawled archives looking for changes in the "AllowUsers" option,
manuals, changes log, reported bugs and to my surprise I can't find anything
or anyone that has reported the issues that I am experiencing.
I am using the default installation sshd_config file as supplied by Redhat
and the only options I have changed are:
ListenAddress
AllowUsers
The first problem
2004 Oct 11
1
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Hi list!
I have some machines running openssh 3.9p1.
AllowUsers is set to my users, that are allowed to login.
If I set PermitRoot without-password, but do not include root in AllowUsers,
root is not able to login with pubkey. I do not want to set root in
AllowUsers, since the without-password option should check this allready, I
think... So I made a small patch that allows me to login as root
2003 Feb 05
2
MAX_ALLOW_USERS
Hey everyone,
I have been using sftp for quite some time now and we have just hit 256
sftp users. Line 21 of servconf.h reads:
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
I am curious why this is in a header file and not something that is in
sshd_config that can be changed without recompile?
Thanks in advance!
--
James Dennis
Harvard Law School
"Not
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: