Is there a known issue in Cygwin's implementation of openssh in the AllowGroups clause of sshd_config? I cannot get it to work.
I have a domain member server where I want to limit ssh logins to just members of a few groups. Without those limits, any domain user can log into the server. The AllowGroups clause of sshd_config appears tailor made for this purpose., But it does not work with either local groups or domains groups specified. The AllowUsers clause works as documented, but listing out all the possible users would be tedious at best. I've searched back through the Cygwin archives, and there was a fair amount of chatter about this very issue 15 years ago or more, but none of the posts mention a general solution, other than to create a /etc/passwd file and list the group as the user's primary group. But we aren't using /etc/passwd and /etc/group in Cygwin any more. And even if that is the solution, it just moves the maintenance of the list from sshd_config to the passwd file. Anyone know how to get openssh AllowGroups to work in a more generic way like it does on a true Linux system? Or am I barking up the wrong tree and no one uses Cygwin's openssh anymore? I saw a recent post to this mailing list where the questioner was told to install Microsoft's distribution of openssh. Best Regards, Dale ________________________________ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
