similar to: openssh question

Displaying 20 results from an estimated 1000 matches similar to: "openssh question"

2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193 Bug ID: 3193 Summary: Add separate section in sshd_config man page on Access Control Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi, I hope this is the right place for a feature request. I'd like to have more flexible AllowUsers/DenyUsers synax. I am in a situation, where I have machines connected to three networks (a private, high speed, a public, and a private vpn) and I'd like to enable root logins only on the private networks. Currently I see no way of doing this, because there is no way to specify a
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690 Summary: AllowUsers and DenyGroups directives are not parsed in the order specified Product: Portable OpenSSH Version: 5.3p1 Platform: ix86 OS/Version: Linux Status: NEW Keywords: patch Severity: trivial Priority: P2 Component:
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there, I have just compiled openssh-5.0 on Solaris 10, and am trying to set up a certain pattern of user access control. Essentially, regular users should be able to login from any network, while root should be able to login only from a private network 192.168.88.0/22. Actually, for the purpose of sshd_config, this is four networks, but that's another story... Here is what I tried:
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised to find that one cannot be used to override the other. For example: AllowGroups administrators AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create another group just for ssh, something like ssh-admins. This other
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid keyword in the Match{} stanza did not throw an error on configuration reload. Are there any plans to fix this? Likewise the penchant for some fields to be comma separated and others to be spaces is just asking for mistakes. Why not support both and be done with it? There was no response (that I saw in the archives) to this post
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated
2006 Nov 09
1
sshd_config question.
I want to allow a single host root access via ssh. If the order of processing DenyUsers, AllowUsers were reversed this cold be done in a straight forward manner. My question, is would adding an Apache-like derective Order Deny,Allow violate any standards or be a security problem? _____ Douglas Denault http://www.safeport.com doug at safeport.com
2005 Nov 17
2
AllowUsers not working under certain conditions
Hello, I've trawled archives looking for changes in the "AllowUsers" option, manuals, changes log, reported bugs and to my surprise I can't find anything or anyone that has reported the issues that I am experiencing. I am using the default installation sshd_config file as supplied by Redhat and the only options I have changed are: ListenAddress AllowUsers The first problem
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I have missed the functionality after moving to OpenSSH so I have updated the patch and hope OpenSSH might accept it. The patch allows sshd_config to have lines like: AllowUsers root at localhost AllowUsers tridge@* AllowUsers guest at 192.168.2.* DenyUsers badguy@* etc. I found this useful for restricting users to only login
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello, I have attached a small patch that enables OpenSSH 4.7p1 to use netgroups for users and hosts entries in the AllowUsers and DenyUsers configuration options in sshd_config. This has the following advantages: * hostnames or ip addresses don't have to be maintained in sshd_config, but you can use meaningful names for groups of users and groups of hosts. * large scale installations can
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi, I've just been adding a few extra hosts to my sshd_config's AllowUsers, and it's got a bit unwieldy. As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the *only* way to specify multiple AllowUsers patterns is on a single line, separated by spaces. With more than 6 or 7 patterns it starts wrapping on to multiple lines and gets hard to read, especially
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to restrict access such that only specific remote machines could access specific local accounts. I swiftly discovered that a) specifying wildcarded IP numbers to try to allow a useful IP range was pointless: if I specified AllowUsers joe at
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2
2004 May 07
3
Contribution to 3.8.1pl1
Hello, I added the support for netgroups to be used in the AllowUsers and DenyUsers parameters. This has some advantages: * hostnames or ip addresses need not to be written or maintained in the sshd_config file, but can be kept abstract names what also simplifies a bit largescale openssh installations * sshd_config needs not change and sshd be restarted when changing the list of allowed /
2010 Dec 10
1
Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello! We have the server with RHEL 5.5 (64-bit) and need to connect many parallel users over ssh (OpenSSH). Usually we use openssh-4.4p1, builded from the sources with changed "servconf.h" file by this type: ???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */ ???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */ ???#define
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
https://bugzilla.mindrot.org/show_bug.cgi?id=2391 Bug ID: 2391 Summary: Enhance AllowGroups documentation in man page Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:
2003 Aug 18
0
PATCH: Auth selection
Hello all, on website http://sweb.cz/v_t_m/ the Auth selection patch is available. This patch allows to specify AllowUsers, DenyUsers for individual authentications (hostbased, publickey, password, keyboard-interactive, kerberos, kerberos_or_local, gss, securid-1 at ssh.com). By this you can define authentication methods for each user. All configuration options are mentioned in file