similar to: Multiple AllowGroups entries in sshd_config with Puppet and Augeas

Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

While testing some AllowUsers and AllowGroups combinations I was surprised to find that one cannot be used to override the other. For example: AllowGroups administrators AllowUsers john If john is *not* part of the administrators group, then access is being denied. Is this the expected behaviour? This would force me to create another group just for ssh, something like ssh-admins. This other

Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of

http://bugzilla.mindrot.org/show_bug.cgi?id=999 Summary: AllowGroups ,DenyGroups failed to report hostname Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

Hi all, I think this has been asked in one form or another, but my problem so far is i''m not sure of the terminology or nomenclature to use in my search string to find out my answer... So, here is my question.. I have lots of systems/instances, like most of us, and like most of they are spread across different tiers and environments. ie. dev/stg/prod i''ve setup my puppet

http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2391 Bug ID: 2391 Summary: Enhance AllowGroups documentation in man page Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:

What I was trying to do: I wanted to use the AllowGroups facility to allow users in by group instead of listing individual usernames but also allow root only from a single central host. Setup actions: targetusername on target host has a secondary group entry of "staff". Updated sshd_config to add the lines: AllowUsers root at nimsrvr AllowGroups staff targertusername is NOT

I do not know have you have already fixed problem when both AllowUsers and AllowGroups have been defined. Source package was: openssh-2.1.1-p1 (rpm version) Problem is described in this example: AllowGroups admins ssh AllowUsers testuser testusers primary group is users User cannot login because his primary group wasn't admins or ssh... I have included patch for this in this message. Hope

Hai, I have AllowGroups sshlinux, sshwindows Add at least 1 user in the linux group and at least 1 in the sshwindows group. Make sure the sshwindows group have a GID. And make sure the windows user loggin in in ssh als have a UID. AND for both, UID 1000+ ( which is in debian the default PAM setting ) . This is base on a "MEMBER" server. If you do : getent windowsuser You

Markus, ignore the other stuff I sent.. I need to go back to bed and stop trying to code.. <sigh> For everone else.. Will this make everyone happy? This does the follow. it will always honor AllowUsers. If there is no Allow/DenyGroups it stated they are not in allowUsers. IF there are AllowDenyGroups it tries them. And then stated they are not in either AllowUsers nor AllowGroups

https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW

Hi, with sssd i can do: $ ssh user at domain.tld@HOST1 $ id user at domain.tld $ ls -al /home/domain.tld/user drwx------ 5 user at domain.tld domain users at domain.tld 103 12. Jun 14:14 . $ grep AllowGroups /etc/ssh/sshd_config AllowGroups lokale_gruppe samba_gruppe at domain.tld When switching to winbind only $ id user at domain.tld is working any other command is using user\domain $ ls -al

Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct

On 16/06/2023 19:49, Stefan Kania via samba wrote: > Hi, > > with sssd i can do: > $ ssh user at domain.tld@HOST1 > $ id user at domain.tld > $ ls -al /home/domain.tld/user > drwx------ 5 user at domain.tld domain users at domain.tld? 103 12. Jun 14:14 . > $ grep AllowGroups /etc/ssh/sshd_config > AllowGroups lokale_gruppe samba_gruppe at domain.tld > > When

Hello, I was hoping that someone could shed some light on this issue we are having. I'm trying to use AD groups to allow SSH access into the Linux boxes but It doesn't seem to work. We have: AllowGroups unix_admins AllowUsers joe at server1.domain.com And doesn't work. If I remove the first one it works great joe can login into the box from server1. the end objective

I smacked into this previously reported bug today whereby an invalid keyword in the Match{} stanza did not throw an error on configuration reload. Are there any plans to fix this? Likewise the penchant for some fields to be comma separated and others to be spaces is just asking for mistakes. Why not support both and be done with it? There was no response (that I saw in the archives) to this post

Hi, Can anyone else confirm that AllowGroup is no longer an accepted configuration option for openssh-server-4.3p2-29.el5. And is this intended or should I be submitting a Bug Report ? Thanks