Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: sshd and pop/ftponly users incorrect configuration
From: cdi () THEWEBMASTERS NET (CDI)
Date: Mon, 14 Feb 2000 14:26:51 -0800


On Fri, 11 Feb 2000, Marc SCHAEFER wrote:

NAME
   sshd-restricted-users-incorrect-configuration


[snip]

IMMUNE CONFIGURATIONS
   You are immune to this problem if one (or more) of the following
   is true:

      - the group(s) where those users belong to is listed in
        /etc/ssh/sshd_config or equivalent configuration file as
           DenyGroups group1 group2  # etc
        (this is the recommended setup)

Just a quick note - it's much more accurate (not to mention secure) to use
'AllowGroups' rather than DenyGroups. If AllowGroups is set, then only if
a users primary group matches one of the specified group names are they
permitted to complete a connection attempt.

____________________________________
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
Someone is standing on the ethernet cable, causeing a kink in the cable


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault