Re: Problem with AllowUsers?

From: Harald Nesland (maillists-hn_at_interweb.no)
Date: 12/09/04

  • Next message: Eric Wagar: "Re: Problem with AllowUsers?"
    Date: Thu, 09 Dec 2004 17:05:22 +0100
    To: Eric Wagar <eric@deadhookers.org>
    
    

    Eric Wagar wrote:
    > AllowUsers esw, sidekick
    >
    > As you can see, the other user has my public key also. So, for the time
    > being, I have a backdoor.
    >
    > Now, why can't I get in as myself, esw?

    Hi!

    You can't separate users with commas, only spaces.

    I would also recommend using AllowGroups instead, and creating an
    "ssh" group that you add users to.

    *AllowUsers*
    This keyword can be followed by a list of user name patterns,
    separated by spaces. If specified, login is allowed only for user
    names that match one of the patterns. '*' and '?' can be used as
    wildcards in the patterns. Only user names are valid; a numerical
    user ID is not recognized. By default, login is allowed for all
    users. If the pattern takes the form USER@HOST then USER and HOST
    are separately checked, restricting logins to particular users from
    particular hosts.

    Cheers,

    Harald Nesland

    -- 
       _____        __ ┌---------------------┬---------------------------┐
      |_ _\ \      / / | Harald Nesland      | email: harald@interweb.no |
       | | \ \ /\ / /  | Interweb Norge AS   | t l f: +47 380 58 200     |
       | |  \ V  V /   | Ægirsvei 10         | f a x: +47 380 58 201     |
      |___|  \_/\_/    | 4630 Kristiansand   | p g p: 0 x 43951F95       |
      www.interweb.no  └---------------------┴---------------------------┘
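
What the comma does to the line discussed in this thread, as an added example that is not part of the original message: the value is split on whitespace only, so `esw,` becomes a pattern that no account name matches while `sidekick` still does. The function names and the simplified matcher (only the `*` and `?` wildcards from the man page text, nothing else) are assumptions for illustration, not OpenSSH code.

```python
import re

# Constructed sample configs: the line from the thread and its corrected form.
BROKEN = "# sshd_config (constructed sample)\nAllowUsers esw, sidekick\n"
FIXED = "# sshd_config (constructed sample)\nAllowUsers esw sidekick\n"


def _match(pattern, value):
    """Whole-string match supporting only the '*' and '?' wildcards."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def parse_patterns(config_text, keyword="AllowUsers"):
    """Collect the patterns for a keyword, splitting on whitespace only."""
    patterns = []
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0].lower() == keyword.lower():
            patterns.extend(tokens[1:])
    return patterns


def user_allowed(patterns, user, host=None):
    """Apply the AllowUsers rule as described in the quoted man page text."""
    if not patterns:
        return True  # no AllowUsers line: login is allowed for all users
    for pattern in patterns:
        if "@" in pattern:  # USER@HOST: both parts are checked separately
            p_user, p_host = pattern.split("@", 1)
            if host and _match(p_user, user) and _match(p_host, host):
                return True
        elif _match(pattern, user):
            return True
    return False


def comma_patterns(patterns):
    """Flag patterns containing a comma, the mistake made in the thread."""
    return [p for p in patterns if "," in p]


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        pats = parse_patterns(text)
        print(name, pats, "esw allowed:", user_allowed(pats, "esw"),
              "flagged:", comma_patterns(pats))
```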
    
