upstream: clarify order of AllowUsers/DenyUsers vs AllowGroups/DenyGroups; bz1690, ok markus@

OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd
djm@openbsd.org 2020-01-25 22:36:22 +00:00 committed by Damien Miller
parent 022ce92fa0
commit bf986a9e27


@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.300 2020/01/25 07:09:14 tedu Exp $ .\" $OpenBSD: sshd_config.5,v 1.301 2020/01/25 22:36:22 djm Exp $
.Dd $Mdocdate: January 25 2020 $ .Dd $Mdocdate: January 25 2020 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -113,11 +113,8 @@ If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns. group or supplementary group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized. Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups. By default, login is allowed for all groups.
The allow/deny directives are processed in the following order: The allow/deny groups directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups , .Cm DenyGroups ,
and finally
.Cm AllowGroups . .Cm AllowGroups .
.Pp .Pp
See PATTERNS in See PATTERNS in
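Review bot: after this hunk the AllowGroups paragraph no longer says how the group directives relate to DenyUsers and AllowUsers, although the commit subject is about the order of users versus groups. A reader of this section alone cannot tell whether a login that matches AllowGroups must also pass the users directives. Consider adding one sentence that states the relationship, or a pointer to the AllowUsers and DenyUsers entries.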
@ -173,12 +170,9 @@ are separately checked, restricting logins to particular
users from particular hosts. users from particular hosts.
HOST criteria may additionally contain addresses to match in CIDR HOST criteria may additionally contain addresses to match in CIDR
address/masklen format. address/masklen format.
The allow/deny directives are processed in the following order: The allow/deny users directives are processed in the following order:
.Cm DenyUsers , .Cm DenyUsers ,
.Cm AllowUsers , .Cm AllowUsers .
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp .Pp
See PATTERNS in See PATTERNS in
.Xr ssh_config 5 .Xr ssh_config 5
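Review bot: with "and finally" removed, the list in the AllowUsers paragraph renders as "DenyUsers, AllowUsers." with no conjunction, which reads like a truncated list rather than a sequence. Suggest wording such as "DenyUsers and then AllowUsers" so the order is explicit.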
@ -552,11 +546,8 @@ Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns. group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized. Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups. By default, login is allowed for all groups.
The allow/deny directives are processed in the following order: The allow/deny groups directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups , .Cm DenyGroups ,
and finally
.Cm AllowGroups . .Cm AllowGroups .
.Pp .Pp
See PATTERNS in See PATTERNS in
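Review bot: the DenyGroups paragraph gives the processing order but not its effect. For a deny directive the practical question is what happens to a user who belongs to both a denied and an allowed group; if the intent of listing DenyGroups first is that a DenyGroups match refuses the login regardless of AllowGroups, say so outright so administrators do not have to infer it.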
@ -573,12 +564,9 @@ are separately checked, restricting logins to particular
users from particular hosts. users from particular hosts.
HOST criteria may additionally contain addresses to match in CIDR HOST criteria may additionally contain addresses to match in CIDR
address/masklen format. address/masklen format.
The allow/deny directives are processed in the following order: The allow/deny users directives are processed in the following order:
.Cm DenyUsers , .Cm DenyUsers ,
.Cm AllowUsers , .Cm AllowUsers .
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp .Pp
See PATTERNS in See PATTERNS in
.Xr ssh_config 5 .Xr ssh_config 5
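Review bot: "The allow/deny users directives" in the DenyUsers paragraph is awkward, and the ordering sentence is now maintained in four places in two variants. Suggest "The user allow/deny directives" here (and "The group allow/deny directives" in the group sections) so the four copies stay parallel and are easy to keep in sync.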