Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AllowUser, DenyUser don't work.

from [Kamchybek Jusupov] Network Security [Permanent Link]
Subject: Re: AllowUser, DenyUser don't work.
Date: Wed, 31 Jan 2007 12:35:01 +0800 
Hi MCG,

Don't know the reason why you want to enable remote root logins, but:

man sshd_config says:
---
AllowUsers
             This keyword can be followed by a list of user name
patterns, separated by spa- ces.  If specified, login is allowed only
for user names that match one of the patterns.  Only user names are
valid; a numerical user ID is not recognized.  By default, login is
allowed for all users.  If the pattern takes the form USER@HOST then
USER and HOST are separately checked, restricting logins to particular
users from particular hosts.  The allow/deny directives are processed
in the following order: DenyUsers, AllowUsers, DenyGroups, and finally
AllowGroups.
---

So, if you have "DenyUsers root" that's it - no root logins...


Better would be setup:
PermitRootLogin no
AllowUsers normaluserid

Get some help from "su -" and/or "sudo "


PS: Use ssh -vvv to get more debug messages...



On Tue, 30 Jan 2007 16:29:13 +0800 / MCG ZHUANG Liang wrote:
With a subject: AllowUser, DenyUser don't work.


 Hello, 
I try to restrict some kind of login through AllowUser and DenyUser
but failed.
openssh version: 4.5
What I want: disable root login from network outside 192.17.0.0 
 What I wrote into /etc/ssh/sshd_config
***************************
DenyUsers root
AllowUsers root@192.17.*
***************************
However, after that not only root can not login from anywhere, but all
the other accounts are also disabled 

Anything I did wrong?

Regards,
Zhuang Liang.

 

 

.




-- 
Rgds,
Kamchybek Jusupov

Attitude is no substitude for competence...
GPG Key: C565 2827 0858 ECFE 74D7  A556 7B09 59DA B6C8 FF8C
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: AllowUser, DenyUser don't work., Giancarlo Razzolini
Next by Date:  Re: AllowUser, DenyUser don't work., Kamchybek Jusupov
Previous by Thread:  Re: AllowUser, DenyUser don't work., Giancarlo Razzolini
Next by Thread:  Re: AllowUser, DenyUser don't work., Philipp Snizek
Indexes:  [Date] [Thread] [Top] [All Lists]