Mail Archives: cygwin/2005/12/31/18:06:04

X-Spam-Check-By: sourceware.org
Message-ID: <43B70EBF.70306@cygwin.com>
Date: Sat, 31 Dec 2005 18:05:35 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050929 Thunderbird/1.0.7 Fedora/1.0.7-1.1.fc4 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: Wes S <wess AT acegroup DOT cc>
CC: cygwin AT cygwin DOT com
Subject: Re: sshd_conf and local groups
References: <43B6BFC9 DOT 4630 DOT 2942A6 AT localhost>
In-Reply-To: <43B6BFC9.4630.2942A6@localhost>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Wes S wrote:
> I'm trying to lock down ssh access.  I use exim for a mail server so 
> I have a bunch of accounts on my w2k box.  I don't want most to be 
> able to use ssh.
> 
> So reading the man file for sshd_config I added the following
> entry to sshd_config:
> 
> #wrs 20051231 restrict email only nt accounts from ssh
> AllowGroups ssh_allow
> 
> I added a local group using administration / computer management
> 
> I imported into my /etc/group file:
> ssh_allow:S-1-5-21-1801674531-688789844-1060284298-1007:1007:
> 
> Windows shows it as:
> C:\Documents and Settings\Administrator>net localgroup
> 
> Aliases for \\BAREFOOT
> 
> -------------------------------------------------------------------------------
> *Administrators           *Backup Operators         *Guests
> *Power Users              *Replicator               *ssh_allow
> *Test                     *Users
> The command completed successfully.
> 
> 
> Attempting to ssh into my pc:
> Administrator@barefoot ~
> $ ssh -l administrator 127.0.0.1
> administrator@127.0.0.1's password:
> Permission denied, please try again.
> administrator@127.0.0.1's password:
> 
> Commenting out AllowGroups ssh_allow and restarting sshd lets me log 
> in just fine.
> 
> A clue would be welcome.  The install was updated after I ran into 
> these problems at 14:30 Eastern today.

I'm confused by your apparent confusion of the above.  If you read the
man page for sshd_config as you suggested you did, you should understand
that any account that doesn't belong to the ssh_allow group will be
denied access.  Presumably, you didn't add "administrator" to this
group.  Also make sure you have an "administrator" account ("Administrator"
is the default account and isn't the same).


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746
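
The group-membership check discussed in this thread, as an added example that is not part of either message: a script that reads an sshd_config, a group file and a passwd file and reports whether an account would pass `AllowGroups` through its primary or supplementary groups. The function name, the passwd entry and the second group file are constructed for illustration; name lookups are exact-string matches, which is an assumption of this sketch, and only literal group names are handled.

```bash
#!/bin/bash
# Added example (not from the thread): would USER pass sshd's AllowGroups?
# Literal group names only; sshd also accepts * and ? patterns.
# Name lookups are exact-string matches, an assumption of this sketch.

# allowed_by_groups USER SSHD_CONFIG GROUP_FILE PASSWD_FILE
# Returns 0 if allowed (or no AllowGroups is set), 1 if denied.
allowed_by_groups() {
    local user="$1" conf="$2" groupf="$3" passwdf="$4" allowed pgid
    # Keywords are case-insensitive; "#AllowGroups" is a comment and is skipped.
    allowed=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$conf")
    [ -z "$allowed" ] && return 0
    # Primary gid is field 4 of the account's passwd entry.
    pgid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwdf")
    [ -z "$pgid" ] && return 1          # no such account
    awk -F: -v u="$user" -v pgid="$pgid" -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            if ($3 == pgid) ok = 1                      # primary group
            m = split($4, mem, ",")                     # supplementary members
            for (i = 1; i <= m; i++) if (mem[i] == u) ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$groupf"
}

# Sample files, written to a scratch directory so the script runs offline.
d=$(mktemp -d)
printf 'AllowGroups ssh_allow\n' > "$d/sshd_config"
# /etc/group line as posted, then the same line with a member added (constructed).
printf 'ssh_allow:S-1-5-21-1801674531-688789844-1060284298-1007:1007:\n' > "$d/group.before"
printf 'ssh_allow:S-1-5-21-1801674531-688789844-1060284298-1007:1007:Administrator\n' > "$d/group.after"
# Constructed passwd entry; the uid and gid values are placeholders.
printf 'Administrator:unused:500:513::/home/Administrator:/bin/bash\n' > "$d/passwd"

for g in before after; do
    if allowed_by_groups Administrator "$d/sshd_config" "$d/group.$g" "$d/passwd"
    then echo "group.$g: Administrator allowed"
    else echo "group.$g: Administrator denied"
    fi
done
```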

