RE: EXTERNAL SENDER: Re: Cygwin openssh AllowGroups
Thanks for the suggestion. I discovered that AllowUsers and AllowGroups are applied via logical AND, not logical OR, as I expected. Thanks, Corinna! Best Regards, Dale Lobb From: Cygwin On Behalf Of Corinna Vinschen via Cygwin Sent: Friday, August 18, 2023 3:49 AM To: cygwin@cygwin.com Cc: Corinna Vinschen Subject: EXTERNAL SENDER: Re: Cygwin openssh AllowGroups On Aug 17 21: 11, Dale Lobb via Cygwin wrote: > Is there a known issue in Cygwin's implementation of openssh in the > AllowGroups clause of sshd_config? I cannot get it to work. It should work, just as AllowUsers. Maybe you should run On Aug 17 21:11, Dale Lobb via Cygwin wrote: > Is there a known issue in Cygwin's implementation of openssh in the > AllowGroups clause of sshd_config? I cannot get it to work. It should work, just as AllowUsers. Maybe you should run clinet and/or server with debugging on, to see what it does. Corinna -- Problem reports: https://urldefense.com/v3/__https://cygwin.com/problems.html__;!!PI4dZuVR!kacZAQE52eG-WMSOkCq99tpXUA56p01VYAFyv6ZstJ3cXUAZsYi3dIumSsfV-ZxJdYxJu4XHMcC0UKqI$ FAQ: https://urldefense.com/v3/__https://cygwin.com/faq/__;!!PI4dZuVR!kacZAQE52eG-WMSOkCq99tpXUA56p01VYAFyv6ZstJ3cXUAZsYi3dIumSsfV-ZxJdYxJu4XHMSRqqFfY$ Documentation: https://urldefense.com/v3/__https://cygwin.com/docs.html__;!!PI4dZuVR!kacZAQE52eG-WMSOkCq99tpXUA56p01VYAFyv6ZstJ3cXUAZsYi3dIumSsfV-ZxJdYxJu4XHMfocdziT$ Unsubscribe info: https://urldefense.com/v3/__https://cygwin.com/ml/*unsubscribe-simple__;Iw!!PI4dZuVR!kacZAQE52eG-WMSOkCq99tpXUA56p01VYAFyv6ZstJ3cXUAZsYi3dIumSsfV-ZxJdYxJu4XHMWJpcTVm$ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Re: Cygwin openssh AllowGroups
On Aug 17 21:11, Dale Lobb via Cygwin wrote: > Is there a known issue in Cygwin's implementation of openssh in the > AllowGroups clause of sshd_config? I cannot get it to work. It should work, just as AllowUsers. Maybe you should run clinet and/or server with debugging on, to see what it does. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Cygwin openssh AllowGroups
Is there a known issue in Cygwin's implementation of openssh in the AllowGroups clause of sshd_config? I cannot get it to work. I have a domain member server where I want to limit ssh logins to just members of a few groups. Without those limits, any domain user can log into the server. The AllowGroups clause of sshd_config appears tailor made for this purpose., But it does not work with either local groups or domains groups specified. The AllowUsers clause works as documented, but listing out all the possible users would be tedious at best. I've searched back through the Cygwin archives, and there was a fair amount of chatter about this very issue 15 years ago or more, but none of the posts mention a general solution, other than to create a /etc/passwd file and list the group as the user's primary group. But we aren't using /etc/passwd and /etc/group in Cygwin any more. And even if that is the solution, it just moves the maintenance of the list from sshd_config to the passwd file. Anyone know how to get openssh AllowGroups to work in a more generic way like it does on a true Linux system? Or am I barking up the wrong tree and no one uses Cygwin's openssh anymore? I saw a recent post to this mailing list where the questioner was told to install Microsoft's distribution of openssh. Best Regards, Dale CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
