X-Spam-Check-By: sourceware.org From: "Wes S" To: cygwin AT cygwin DOT com Date: Sun, 01 Jan 2006 02:46:07 -0500 MIME-Version: 1.0 Subject: Re: sshd_conf and local groups Message-ID: <43B7426F.24565.11EC28@localhost> In-reply-to: <43B70EBF.70306@cygwin.com> References: <43B6BFC9 DOT 4630 DOT 2942A6 AT localhost> Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-BCN: Meridius 1000 Version 3.2 on smtp.acecomgroup.com X-BCN-Sender: wess AT acegroup DOT cc X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On 31 Dec 2005 at 18:05, Larry Hall (Cygwin) wrote: > Wes S wrote: > > I'm trying to lock down ssh access. I use exim for a mail server so > > I have a bunch of accounts on my w2k box. I don't want most to be > > able to use ssh. [snip] > I'm confused by your apparent confusion of the above. If you read the > man page for sshd_config as you suggested you did, you should understand > that any account that doesn't belong to the ssh_allow group will be > denied access. Presumably, you didn't add "administrator" to this > group. Also make sure you have an "administrator" account ("Administrator" > is the default account and isn't the same). I did add administrator. Actually Administrator as you point out. W/o the AllowGroups I can ssh using either administrator or Administrator. Ssh doesn't care. I did try logging in as Administrator though. Just for grins, I added wess to the group ssh_allow and tried logging in before / after uncommenting AllowGroups. Can not log in when AllowGroups is uncommented. Wes S -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/