Re: Question regarding allow and deny users
From: James Dennis (firstname.lastname@example.org)
- Previous message: Roger: "Re: ssh connection with localhost.6010"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Feb 2003 09:52:34 -0500 From: James Dennis <email@example.com> To: Samaresh.Nair@nokia.com
> 1. If a user is put in allow user's list, can the same be put in the deny user's list also? If
> yes, then is the user allowed access by the sshd?
Bad idea, just don't do it.
> 2. If a user is not put in both the lists, is he given access rights? Lets say a user is not
> in the allow user's list, then by default (I guess thinking logically) he should not be given
> access rights, in that case, why do we have a deny user's list?
If there are no Allow/Deny directives all access is allowed (the
default). If you place AllowUsers james in sshd_config, then only james
is allowed to access the system and everyone else is denied. If you you
place DenyUsers james, the default of allowing everyone into the system
is still there, but james is denied.
See OpenSSH's mailing list archive for information regarding
questionable behavior of how Allow/Deny Users/Groups behaves. Ben
Lindstrom was kind enough to fix the behavior for OpenSSH's current
source and I modified his patch to work for OpenSSH's 3.5 release (I
just changed line numbers, Ben is still the code wizard).
Also, for any more confusion, please check the man. This stuff is
written up pretty clearly in there.
-- James Dennis Harvard Law School "Not everything that counts can be counted, and not everything that can be counted counts."