[13840] in bugtraq
Re: sshd and pop/ftponly users incorrect configuration
daemon@ATHENA.MIT.EDU (CDI)
Tue Feb 15 15:52:40 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.95.1000214142352.22941A-100000@animal.blarg.net>
Date: Mon, 14 Feb 2000 14:26:51 -0800
Reply-To: CDI <cdi@THEWEBMASTERS.NET>
From: CDI <cdi@THEWEBMASTERS.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10002111717370.27486-100000@vulcan.alphanet.ch>
On Fri, 11 Feb 2000, Marc SCHAEFER wrote:
> NAME
> sshd-restricted-users-incorrect-configuration
>
[snip]
> IMMUNE CONFIGURATIONS
> You are immune to this problem if one (or more) of the following
> is true:
>
> - the group(s) where those users belong to is listed in
> /etc/ssh/sshd_config or equivalent configuration file as
> DenyGroups group1 group2 # etc
> (this is the recommended setup)
Just a quick note - it's much more accurate (not to mention secure) to use
'AllowGroups' rather than DenyGroups. If AllowGroups is set, then only if
a users primary group matches one of the specified group names are they
permitted to complete a connection attempt.
____________________________________
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
Someone is standing on the ethernet cable, causeing a kink in the cable
