Displaying 20 results from an estimated 2000 matches similar to: "Multiple AllowGroup lines in sshd_config?"
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2010 Dec 23
2
Multiple AllowGroups entries in sshd_config with Puppet and Augeas
Hi,
After extensively looking into puppet + augeas for managing the
AllowGroups in sshd_config, I came to the conclusion that it won''t
work as I expected :( So I''m sharing my thoughts here.
The main objective is allowing multiple groups per-node, depending on
what the security team wants. Since I want this to be dynamic, I
created a define in a class:
class ssh::server::config
2009 Apr 24
2
AllowGroup no longer a Valid option for SSHD
Hi,
Can anyone else confirm that AllowGroup is no longer an accepted
configuration option for openssh-server-4.3p2-29.el5. And is this
intended or should I be submitting a Bug Report ?
Thanks
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2014 Oct 10
1
[Bug 2292] New: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters
https://bugzilla.mindrot.org/show_bug.cgi?id=2292
Bug ID: 2292
Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups,
AllowGroups should actually tell how the evaluation
order matters
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
2020 Jul 18
2
[Bug 3193] New: Add separate section in sshd_config man page on Access Control
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
Bug ID: 3193
Summary: Add separate section in sshd_config man page on Access
Control
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2010 Aug 15
4
FreeNx doesn't work?
I have installed freenx with this article
http://wiki.centos.org/HowTos/FreeNX
but when I use freenx-client on windows to connect to server,
I always get an "freenx Authentication failed."
client err log output as this:
NX> 203 NXSSH running with pid: 1584
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2003 Jun 10
2
SecurID authentication for 3.6.1p2 with privsep
Hello all,
I have made SecurID authentication for OpenSSH 3.6.1p2.
This patch was totaly rewritten, so please test it before use.
Kbd-int authentication is now integrated into challenge response
auth.
Privsep is now fully suported.
PS: What do you think of selective access to the individual
authentications, similar to AllowGroups/DenyGroups or maybe
AllowUsers/DenyUsers ?
Vaclav Tomec
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
2015 Apr 28
0
[Bug 2391] New: Enhance AllowGroups documentation in man page
https://bugzilla.mindrot.org/show_bug.cgi?id=2391
Bug ID: 2391
Summary: Enhance AllowGroups documentation in man page
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee:
2005 Mar 14
6
[Bug 999] AllowGroups ,DenyGroups failed to report hostname
http://bugzilla.mindrot.org/show_bug.cgi?id=999
Summary: AllowGroups ,DenyGroups failed to report hostname
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2009 Mar 02
31
Using Augeas type to update sshd_config's AllowGroups
Hey gang,
I seem to be having a brain disconnect on how to get the Augeas type to
manage things that have multiple values (i.e. an Augeas tree) via Puppet.
If I run this in augtool:
augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser
augtool> save
I see this in /etc/ssh/sshd_config:
AllowGroups sshuser
However, if I try this in an Augeas type:
augeas {
2013 Jun 18
0
Problems in slogin.1, sshd_config.5, ssh_config.5
This is automatically generated email about markup problems in a man
page for which you appear to be responsible. If you are not the right
person or list, please tell me so I can correct my database.
See http://catb.org/~esr/doclifter/bugs.html for details on how and
why these patches were generated. Feel free to email me with any
questions. Note: These patches do not change the modification
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938
Summary: "AllowGroups" option and secondary user's groups limit
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at
2016 Apr 11
1
SerNet - Samba 4.3 and ssh password logins
Hai,
I have
AllowGroups sshlinux, sshwindows
Add at least 1 user in the linux group and at least 1 in the sshwindows group.
Make sure the sshwindows group have a GID.
And make sure the windows user loggin in in ssh als have a UID.
AND for both, UID 1000+ ( which is in debian the default PAM setting ) .
This is base on a "MEMBER" server.
If you do :
getent windowsuser
You
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2023 Jun 16
2
using spn with winbind
Hi,
with sssd i can do:
$ ssh user at domain.tld@HOST1
$ id user at domain.tld
$ ls -al /home/domain.tld/user
drwx------ 5 user at domain.tld domain users at domain.tld 103 12. Jun 14:14 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups lokale_gruppe samba_gruppe at domain.tld
When switching to winbind only
$ id user at domain.tld
is working any other command is using user\domain
$ ls -al
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"