Re: Question regarding allow and deny users

Hello Samaresh,

> 1. If a user is put in allow user's list, can the same be put in the deny user's list also? If

Bad idea, just don't do it.

> 2. If a user is not put in both the lists, is he given access rights? Lets say a user is not

If there are no Allow/Deny directives all access is allowed (the default). If you place AllowUsers james in sshd_config, then only james is allowed to access the system and everyone else is denied. If you you place DenyUsers james, the default of allowing everyone into the system is still there, but james is denied.

See OpenSSH's mailing list archive for information regarding questionable behavior of how Allow/Deny Users/Groups behaves. Ben Lindstrom was kind enough to fix the behavior for OpenSSH's current source and I modified his patch to work for OpenSSH's 3.5 release (I just changed line numbers, Ben is still the code wizard).

Also, for any more confusion, please check the man. This stuff is written up pretty clearly in there.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

-- 
James Dennis
Harvard Law School

"Not everything that counts can be counted,
and not everything that can be counted counts."