Displaying 20 results from an estimated 900 matches similar to: "OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options"
2004 May 07
3
Contribution to 3.8.1pl1
Hello,
I added the support for netgroups to be used in the
AllowUsers and DenyUsers parameters. This has some
advantages:
* hostnames or ip addresses need not to be written or
maintained in the sshd_config file, but can be kept
abstract names what also simplifies a bit largescale
openssh installations
* sshd_config needs not change and sshd be restarted
when changing the list of allowed /
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointless: if I specified
AllowUsers joe at
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there,
I have just compiled openssh-5.0 on Solaris 10, and am trying to set up
a certain pattern of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers synax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a
2007 Nov 02
1
[Patch, enh] Permit host and IP addresses in (Allow|Deny)Groups
Hi,
I ran across a case in which my server maintenance was simplified by
using
SSHD configuration options like this in sshd_config:
AllowGroups admin at 192.168.0.* sshuser
in much the same fashion as (Allow|Deny)Users. In this case, the goal is
to
provide access to administrators only from the local network, while
allowing
SSH users to login from anywhere. This (IMHO) simplifies access
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi,
I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.
As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2019 Feb 22
2
[PATCH 2/2] Cygwin: implement case-insensitive Unicode user and group name matching
On Feb 22 16:02, Darren Tucker wrote:
> On Fri, Feb 22, 2019 at 03:32:43PM +1100, Darren Tucker wrote:
> > On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote:
> > > The previous revert enabled case-insensitive user names again. This
> > > patch implements the case-insensitive user and group name matching.
> > > To allow Unicode
2005 Jan 20
1
[Bug 909] AllowUsers denied access does not log IP address
http://bugzilla.mindrot.org/show_bug.cgi?id=909
------- Additional Comments From dtucker at zip.com.au 2005-01-20 23:22 -------
Created an attachment (id=779)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=779&action=view)
add source address/hostname to log messages.
Please try this patch (against OpenBSD but will apply to 3.9p1 with fuzz).
The log messages look like:
User
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello,
I've trawled archives looking for changes in the "AllowUsers" option,
manuals, changes log, reported bugs and to my surprise I can't find anything
or anyone that has reported the issues that I am experiencing.
I am using the default installation sshd_config file as supplied by Redhat
and the only options I have changed are:
ListenAddress
AllowUsers
The first problem
2007 Nov 09
1
HPN SSH
Hello,
I know that this has been asked before, just wanted to mention that I,
too, would like to see the HPN SSH functionality incorporated in the
standard OpenSSH.
Would there be technical disadvantages integrating the changes?
I know we are all pretty busy, but I would certainly spend time to help,
e.g. with testing, documentation, etc.
Cheers
--pwo
--
Peter W. Osel - http://pwo.de/ - pwo
2008 Dec 16
2
Request change to file match.c, function match_pattern_list
Greetings,
This request is in the grey area between a bug report and an
enhancement request.
Request
-------
Please apply the following diff (or something functionally similar) to
file ``match.c'' in OpenSSH-5.1p1:
161a162,164
> } else {
> if (negated)
> got_positive = 1; /* Negative match, negated = Positive */
In case the lines above wrapped in the email
2008 Dec 18
1
[Bug 1546] New: sshd_config DenyUsers does not recognize negated host properly
https://bugzilla.mindrot.org/show_bug.cgi?id=1546
Summary: sshd_config DenyUsers does not recognize negated host
properly
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: sshd
AssignedTo: unassigned-bugs
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
Attached (and inline) is a patch to add the following config options:
ControlBindMask
ControlAllowUsers
ControlAllowGroups
ControlDenyUsers
ControlDenyGroups
It pulls the peer credential check from client_process_control() in ssh.c,
and expounds upon it in a new function, client_control_grant().
Supplemental groups are not checked in this patch. I didn't feel comfortable
taking a shot