Displaying 20 results from an estimated 2000 matches similar to: "[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters"
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
https://bugzilla.mindrot.org/show_bug.cgi?id=2391
Bug ID: 2391
Summary: Enhance AllowGroups documentation in man page
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee:
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2007 Sep 20
0
OpenSSH 4.7p1 - support the use of netgroups in AllowUsers and DenyUsers configuration options
Hello,
I have attached a small patch that enables OpenSSH 4.7p1 to use
netgroups for users and hosts entries in the AllowUsers and DenyUsers
configuration options in sshd_config.
This has the following advantages:
* hostnames or ip addresses don't have to be maintained in sshd_config,
but you can use meaningful names for groups of users and groups of
hosts.
* large scale installations can
2008 May 09
2
Problem, possibly bug with AllowUsers & DenyUsers
Hi there,
I have just compiled openssh-5.0 on Solaris 10, and am trying to set up
a certain pattern of user access control. Essentially, regular users
should be able to login from any network, while root should be able to
login only from a private network 192.168.88.0/22. Actually, for the
purpose of sshd_config, this is four networks, but that's another story...
Here is what I tried:
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointless: if I specified
AllowUsers joe at
2005 Mar 14
6
[Bug 999] AllowGroups ,DenyGroups failed to report hostname
http://bugzilla.mindrot.org/show_bug.cgi?id=999
Summary: AllowGroups ,DenyGroups failed to report hostname
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2011 May 20
0
Possible error in coding of AllowUsers / AllowGroups in ssh 5.8p2
What I was trying to do:
I wanted to use the AllowGroups facility to allow users in by group instead of listing individual usernames but also allow root only from a single central host.
Setup actions:
targetusername on target host has a secondary group entry of "staff".
Updated sshd_config to add the lines:
AllowUsers root at nimsrvr
AllowGroups staff
targertusername is NOT
2001 Jun 04
0
[patch] user@host in AllowUsers
This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I
have missed the functionality after moving to OpenSSH so I have
updated the patch and hope OpenSSH might accept it.
The patch allows sshd_config to have lines like:
AllowUsers root at localhost
AllowUsers tridge@*
AllowUsers guest at 192.168.2.*
DenyUsers badguy@*
etc.
I found this useful for restricting users to only login
2005 May 26
1
OpenSSH 4.1 released
OpenSSH 4.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2000 Aug 25
0
problem with AllowUsers and AllowGroups
I do not know have you have already fixed problem when both AllowUsers and
AllowGroups have been defined.
Source package was: openssh-2.1.1-p1 (rpm version)
Problem is described in this example:
AllowGroups admins ssh
AllowUsers testuser
testusers primary group is users
User cannot login because his primary group wasn't admins or ssh... I have
included patch for this in this message. Hope
2005 Jun 28
2
more flexible AllowUsers/DenyUsers syntax
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers synax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a
2005 May 26
4
OpenSSH 4.1 released
OpenSSH 4.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or
2009 Feb 10
1
sshd_config allows multiple AllowUsers lines?
Hi,
I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.
As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially
2009 Nov 11
0
AllowUsers AllowGroups + WinBind
Hello,
I was hoping that someone could shed some light on this issue we are
having.
I'm trying to use AD groups to allow SSH access into the Linux boxes but
It doesn't seem to work.
We have:
AllowGroups unix_admins
AllowUsers joe at server1.domain.com
And doesn't work. If I remove the first one it works great joe can login
into the box from server1.
the end objective