RE: restricted users

From: James Riden (james.riden@xtra.co.nz)
Date: 02/27/03

Next message: Greg Wooledge: "Re: restricted users"

Previous message: Hong Tian: "RE: restricted users"
In reply to: Hong Tian: "FW: restricted users"
Next in thread: Hong Tian: "RE: restricted users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "James Riden" <james.riden@xtra.co.nz>
To: "'Hong Tian'" <htian@ias.edu>, <secureshell@securityfocus.com>
Date: Thu, 27 Feb 2003 15:10:09 +1300

Hong,

Here's an entry from the manpage.

AllowUsers

This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
users names that match one of the patterns. `*' and `'? can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.

So,

AllowUsers jamesr

in the config file *should* (seems to on Debian) allow jamesr and
no-one else to log in via ssh.

Cheers,
Jamie

-- 
James Riden / james.riden@xtra.co.nz / jamesr@security-solutions.co.nz
http://www.security-solutions.co.nz/
-----Original Message-----
From: Hong Tian [mailto:htian@ias.edu] 
Sent: Thursday, 27 February 2003 1:51 p.m.
To: 'secureshell@securityfocus.com'
Subject: FW: restricted users
Jamie,
On my RedHat 7.3, there is no manual entry for sshd_config. But I try
AllowUsers and DenyUsers. It works good. 
The question now is that I have to deny more than 200 users and allow 10
users. I can't put so many users names on deny lists in sshd_config. I
try
to deny everyone then allow someone. But I don't know how to deny all. I
try
the followings, no one can deny all:
DenyUsers all                  => not works
DenyUsers ALL                  => not works
DenyUsers everyone             => not works 
DenyUsers user1                 => works!
AllowUsers user2 user3 user4    => works!
Do you know how to use DenyUsers to deny everyone?
Thanks,
Hong

Next message: Greg Wooledge: "Re: restricted users"
Previous message: Hong Tian: "RE: restricted users"
In reply to: Hong Tian: "FW: restricted users"
Next in thread: Hong Tian: "RE: restricted users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Problem with AllowUsers?
... >> AllowUsers esw, sidekick ... login is allowed only for ... > wildcards in the patterns. ... AllowUsers line, so I didn't think to look in the man pages. ...
(SSH)
Re: ssh password problem
... using rsa public keys. ... This keyword can be followed by a list of user name patterns, ... Login is disallowed for user names that ... The allow/deny directives are processed in the following ...
(Fedora)
Re: sshd attacks
... starts trying a user dictionary attack on sshd? ... ssh allows you to specify which users may login and you may further restrict it to a particular user from a particular host. ... This keyword can be followed by a list of user name patterns, ...
(comp.unix.bsd.freebsd.misc)
Re: Problem with AllowUsers?
... > AllowUsers esw, sidekick ... You can't separate users with comma, ... This keyword can be followed by a list of user name patterns, ... login is allowed only for ...
(SSH)
Re: Disabling access to SSH
... > but which ssh are you using? ... This keyword can be followed by a list of user name patterns, ... By default, login is ... then USER and HOST are separately checked, ...
(Debian-User)