Re: AllowUsers issue



On 1/20/06, Vladimir Levijev <vladimir.levijev@xxxxxxxxx> wrote:

Hi,

> > > You forgot to mention the DenyUsers part:
> > >
> > > DenyUsers '*'
> > > AllowUsers myuser
> >
> > I think you'll find that'll stop any users matching the DenyUsers pattern
> > (ie all of them).
> >
> > You only need AllowUsers; if set then users not matching it (or
> > AllowGroups) will be denied.
>
> Why don't you try, before you "think". Or at least, read the fine
> manual. Here is a hint:
>
> man sshd_config | grep Users -A9

Sorry, my bad. It appeared that the parameter takes values without the
quotes. So it acts in a really strange way if you add a '*' (quoted) value.
When I tested what I had proposed (I tested it with an unprivileged
user and root, adding the unprivileged user to AllowUsers) I could not
log in as root any longer (usually I can) but could with the user. So
it looked like it worked. Now I have figured out that if I add a * (unquoted)
value to DenyUsers it denies all. And the option AllowUsers works fine
(accepts only those listed) alone.

My apologies,

--
[vl@dimir]#
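
Added example, not part of the original message or of OpenSSH: a small Python check for the two pitfalls discussed in this thread, quoted patterns in DenyUsers/AllowUsers and AllowUsers entries that an unquoted DenyUsers pattern already blocks. The function names, finding codes and sample configuration are constructed for illustration, and wildcard matching is approximated with `fnmatchcase`.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
PermitRootLogin yes
DenyUsers '*'
AllowUsers myuser
"""

def parse_user_lists(text):
    """Collect (lineno, pattern) pairs for DenyUsers and AllowUsers."""
    lists = {"denyusers": [], "allowusers": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Keywords are case-insensitive; comment lines do not match.
        m = re.match(r"\s*([A-Za-z]+)[\s=]+(.*)", raw)
        if m and m.group(1).lower() in lists:
            lists[m.group(1).lower()] += [(lineno, p) for p in m.group(2).split()]
    return lists

def lint(text):
    """Return findings as (lineno, code, pattern) tuples, sorted by line."""
    lists = parse_user_lists(text)
    findings = []
    # The post reports that a quoted '*' did not behave like a bare *,
    # so any quoted pattern in these directives is flagged for review.
    for entries in lists.values():
        for lineno, pat in entries:
            if pat[0] in "'\"" or pat[-1] in "'\"":
                findings.append((lineno, "QUOTED_PATTERN", pat))
    # DenyUsers is evaluated before AllowUsers, so an allowed name that an
    # unquoted deny pattern also matches can never log in.
    for a_line, allowed in lists["allowusers"]:
        user = allowed.split("@", 1)[0]
        for _, denied in lists["denyusers"]:
            # Assumption: deny patterns use only '*' and '?' (no '!' negation
            # and no USER@HOST form), which fnmatchcase approximates.
            if fnmatchcase(user, denied):
                findings.append((a_line, "SHADOWED_BY_DENY", allowed))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```
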


