Displaying 20 results from an estimated 1000 matches similar to: "more flexible AllowUsers/DenyUsers syntax"
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there,
I have just compiled openssh-5.0 on Solaris 10, and am trying to set up
a certain pattern of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello,
I have attached a small patch that enables OpenSSH 4.7p1 to use
netgroups for users and hosts entries in the AllowUsers and DenyUsers
configuration options in sshd_config.
This has the following advantages:
* hostnames or ip addresses don't have to be maintained in sshd_config,
but you can use meaningful names for groups of users and groups of
hosts.
* large scale installations can
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello,
I've trawled archives looking for changes in the "AllowUsers" option,
manuals, changes log, reported bugs and to my surprise I can't find anything
or anyone that has reported the issues that I am experiencing.
I am using the default installation sshd_config file as supplied by Redhat
and the only options I have changed are:
ListenAddress
AllowUsers
The first problem
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2008 Dec 18
1
[Bug 1546] New: sshd_config DenyUsers does not recognize negated host properly
https://bugzilla.mindrot.org/show_bug.cgi?id=1546
Summary: sshd_config DenyUsers does not recognize negated host
properly
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: sshd
AssignedTo: unassigned-bugs
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2004 Oct 11
1
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Hi list!
I have some machines running openssh 3.9p1.
AllowUsers is set to my users, that are allowed to login.
If I set PermitRoot without-password, but do not include root in AllowUsers,
root is not able to login with pubkey. I do not want to set root in
AllowUsers, since the without-password option should check this allready, I
think... So I made a small patch that allows me to login as root
2001 Jun 13
2
user@host in AllowUsers
I have a number of development machines behind my OpenBSD firewall which all
provide a very permissive development account (and easy sudo). I don't want
this account exposed on the internet side of the firewall, so I created a
doorstep account with no perms and really long passwords to get anywhere
useful.
I looked through the SSH book and it gave me the impression that I could set
up these
2014 Jun 26
1
sshd_config AllowUsers syntax wrong in documentation
It seems the syntax for AllowUsers in sshd_config is not the same that is
given in man sshd_config and in several documentation on the web.
(http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config)
e.g.
AllowUsers root
does work.
AllowUsers root username
does not work.
If I try to login as root I get "User root from <hostname> not allowed
because not listed in AllowUsers".
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi,
I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.
As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially
2006 Nov 09
1
sshd_config question.
I want to allow a single host root access via ssh. If the order of processing
DenyUsers, AllowUsers were reversed this cold be done in a straight forward
manner.
My question, is would adding an Apache-like derective Order Deny,Allow violate
any standards or be a security problem?
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
2010 Nov 08
1
openssh question
The denyUsers / AllowUsers option in openSSH does not satisfy our needs.
We want to supply our own software to allow/deny sessions based on time
of day.
I do not know if PAM can do this, but in any case we can not use PAM.
? Did someone do such a change in openSSH code
2010 Feb 01
1
case sensitivity, "Match User" and "AllowUsers"
Hello,
I sent this last week before signing up for the list, but haven't seen it in the archives, so I'm guessing it got discarded either as spam or HTML (sorry about that). In any case, the following was sent to comp.security.ssh early last week and I have gotten no response there. Can anyone here shed some light?
Thanks,
Eric
------------------------------------------
Hello,
2005 Mar 07
3
[Bug 995] PermitRootLogin by IP address block specification
http://bugzilla.mindrot.org/show_bug.cgi?id=995
Summary: PermitRootLogin by IP address block specification
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P3
Component: sshd
AssignedTo: openssh-bugs at mindrot.org