Bugtraq mailing list archives

Re: sshd and pop/ftponly users incorrect configuration

From: cdi () THEWEBMASTERS NET (CDI)
Date: Mon, 14 Feb 2000 14:26:51 -0800


On Fri, 11 Feb 2000, Marc SCHAEFER wrote:

NAME
   sshd-restricted-users-incorrect-configuration


[snip]

IMMUNE CONFIGURATIONS
   You are immune to this problem if one (or more) of the following
   is true:

      - the group(s) where those users belong to is listed in
        /etc/ssh/sshd_config or equivalent configuration file as
           DenyGroups group1 group2  # etc
        (this is the recommended setup)


Just a quick note - it's much more accurate (not to mention secure) to use
'AllowGroups' rather than DenyGroups. If AllowGroups is set, then only if
a users primary group matches one of the specified group names are they
permitted to complete a connection attempt.

____________________________________
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
Someone is standing on the ethernet cable, causeing a kink in the cable

Current thread:

sshd and pop/ftponly users incorrect configuration Marc SCHAEFER (Feb 11)
- Re: sshd and pop/ftponly users incorrect configuration CDI (Feb 14)
- Re: sshd and pop/ftponly users incorrect configuration Theo de Raadt (Feb 15)
- <Possible follow-ups>
- Re: sshd and pop/ftponly users incorrect configuration Marc SCHAEFER (Feb 15)