similar to: Bug#637923: Tweak to ssh rules to ignore AllowGroups denial

Hello list, I'm not sure whether this is bug worthy or just my own insanity. I'm using 6.4p1 packages from Debian jessie and wheezy-backports. I like VisualHostKey, although it may not add any protection (other than not trusting ones own known_hosts file?), I've become accustomed to it as it seems that extra neurons fire when I log into a host and get a visual cue of what looks like

https://bugzilla.mindrot.org/show_bug.cgi?id=2194 Bug ID: 2194 Summary: Supress VisualHostKey message when re-keying Product: Portable OpenSSH Version: 6.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James

https://bugzilla.mindrot.org/show_bug.cgi?id=2391 Bug ID: 2391 Summary: Enhance AllowGroups documentation in man page Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:

While testing some AllowUsers and AllowGroups combinations I was surprised to find that one cannot be used to override the other. For example: AllowGroups administrators AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create another group just for ssh, something like ssh-admins. This other

Hello, first thanks for all the work, I appreciate the attention to security :-) I have a performance issue I am trying to solve. On my new server it would appear that synchronizing changes between the client and server is taking longer then my previous setup. I have recently upgraded from my old server to a new home (the basis for my comparison), From: - Redhat 9.0, uw-imap, using

What I was trying to do: I wanted to use the AllowGroups facility to allow users in by group instead of listing individual usernames but also allow root only from a single central host. Setup actions: targetusername on target host has a secondary group entry of "staff". Updated sshd_config to add the lines: AllowUsers root at nimsrvr AllowGroups staff targertusername is NOT

http://bugzilla.mindrot.org/show_bug.cgi?id=999 Summary: AllowGroups ,DenyGroups failed to report hostname Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

I do not know have you have already fixed problem when both AllowUsers and AllowGroups have been defined. Source package was: openssh-2.1.1-p1 (rpm version) Problem is described in this example: AllowGroups admins ssh AllowUsers testuser testusers primary group is users User cannot login because his primary group wasn't admins or ssh... I have included patch for this in this message. Hope

https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW

Hello, I was hoping that someone could shed some light on this issue we are having. I'm trying to use AD groups to allow SSH access into the Linux boxes but It doesn't seem to work. We have: AllowGroups unix_admins AllowUsers joe at server1.domain.com And doesn't work. If I remove the first one it works great joe can login into the box from server1. the end objective

Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct

http://bugzilla.mindrot.org/show_bug.cgi?id=938 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #12 from dtucker at zip.com.au 2006-10-07 11:37 ------- Change all RESOLVED bug to CLOSED with the exception

Hi, After extensively looking into puppet + augeas for managing the AllowGroups in sshd_config, I came to the conclusion that it won''t work as I expected :( So I''m sharing my thoughts here. The main objective is allowing multiple groups per-node, depending on what the security team wants. Since I want this to be dynamic, I created a define in a class: class ssh::server::config

http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

Hi, Can anyone else confirm that AllowGroup is no longer an accepted configuration option for openssh-server-4.3p2-29.el5. And is this intended or should I be submitting a Bug Report ? Thanks

https://bugzilla.mindrot.org/show_bug.cgi?id=2154 Bug ID: 2154 Summary: Avoid key lookup overhead when re-keying Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

FYI -------------- next part -------------- An embedded message was scrubbed... From: "iDEFENSE Labs" <labs@idefense.com> Subject: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x Date: Tue, 8 Apr 2003 12:44:39 -0400 Size: 4554 Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030408/43598086/attachment.eml