Re: sshd and pop/ftponly users incorrect configuration

From: CDI (cdiat_private)
Date: Mon Feb 14 2000 - 14:26:51 PST

Next message: Marc SCHAEFER: "Re: sshd and pop/ftponly users incorrect configuration"

Previous message: Alexandru Popa: "Re: FireWall-1 FTP Server Vulnerability"
Maybe in reply to: Marc SCHAEFER: "sshd and pop/ftponly users incorrect configuration"
Next in thread: Marc SCHAEFER: "Re: sshd and pop/ftponly users incorrect configuration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 11 Feb 2000, Marc SCHAEFER wrote:

> NAME
>    sshd-restricted-users-incorrect-configuration
>

[snip]

> IMMUNE CONFIGURATIONS
>    You are immune to this problem if one (or more) of the following
>    is true:
>
>       - the group(s) where those users belong to is listed in
>         /etc/ssh/sshd_config or equivalent configuration file as
>            DenyGroups group1 group2  # etc
>         (this is the recommended setup)

Just a quick note - it's much more accurate (not to mention secure) to use
'AllowGroups' rather than DenyGroups. If AllowGroups is set, then only if
a users primary group matches one of the specified group names are they
permitted to complete a connection attempt.

____________________________________
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
Someone is standing on the ethernet cable, causeing a kink in the cable

Next message: Marc SCHAEFER: "Re: sshd and pop/ftponly users incorrect configuration"
Previous message: Alexandru Popa: "Re: FireWall-1 FTP Server Vulnerability"
Maybe in reply to: Marc SCHAEFER: "sshd and pop/ftponly users incorrect configuration"
Next in thread: Marc SCHAEFER: "Re: sshd and pop/ftponly users incorrect configuration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:39 PDT