public inbox for cygwin@cygwin.com
* Cygwin openssh AllowGroups
@ 2023-08-17 21:11 Dale Lobb
  2023-08-18  8:49 ` Corinna Vinschen
  0 siblings, 1 reply; 3+ messages in thread
From: Dale Lobb @ 2023-08-17 21:11 UTC (permalink / raw)
  To: cygwin

  Is there a known issue in Cygwin's implementation of openssh in the AllowGroups clause of sshd_config?  I cannot get it to work.

  I have a domain member server where I want to limit ssh logins to just members of a few groups.  Without those limits, any domain user can log into the server.  The AllowGroups clause of sshd_config appears tailor made for this purpose.  But it does not work with either local groups or domain groups specified.  The AllowUsers clause works as documented, but listing out all the possible users would be tedious at best.

  I've searched back through the Cygwin archives, and there was a fair amount of chatter about this very issue 15 years ago or more, but none of the posts mention a general solution, other than to create a /etc/passwd file and list the group as the user's primary group.  But we aren't using /etc/passwd and /etc/group in Cygwin any more.  And even if that is the solution, it just moves the maintenance of the list from sshd_config to the passwd file.

  Anyone know how to get openssh AllowGroups to work in a more generic way like it does on a true Linux system?

  Or am I barking up the wrong tree and no one uses Cygwin's openssh anymore?  I saw a recent post to this mailing list where the questioner was told to install Microsoft's distribution of openssh.

Best Regards,

Dale



________________________________

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.


* Re: Cygwin openssh AllowGroups
  2023-08-17 21:11 Cygwin openssh AllowGroups Dale Lobb
@ 2023-08-18  8:49 ` Corinna Vinschen
  2023-08-24 14:56   ` EXTERNAL SENDER: " Dale Lobb
  0 siblings, 1 reply; 3+ messages in thread
From: Corinna Vinschen @ 2023-08-18  8:49 UTC (permalink / raw)
  To: cygwin

On Aug 17 21:11, Dale Lobb via Cygwin wrote:
>   Is there a known issue in Cygwin's implementation of openssh in the
>   AllowGroups clause of sshd_config?  I cannot get it to work.

It should work, just as AllowUsers.  Maybe you should run client and/or
server with debugging on, to see what it does.


Corinna


* RE: EXTERNAL SENDER: Re: Cygwin openssh AllowGroups
  2023-08-18  8:49 ` Corinna Vinschen
@ 2023-08-24 14:56   ` Dale Lobb
  0 siblings, 0 replies; 3+ messages in thread
From: Dale Lobb @ 2023-08-24 14:56 UTC (permalink / raw)
  To: cygwin; +Cc: Corinna Vinschen

  Thanks for the suggestion.  I discovered that AllowUsers and AllowGroups are applied via logical AND, not logical OR, as I expected.  Thanks, Corinna!

Best Regards,

Dale Lobb
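
Added example, not part of the original thread and not OpenSSH's own code: a small model of how sshd combines the access lists, showing why an account that is in an allowed group is still refused when AllowUsers is also set. It goes slightly beyond the thread by including DenyUsers and DenyGroups in the order given in sshd_config(5); the user and group names are hypothetical, and Match blocks, USER@HOST forms and `!` negation are not modelled.

```python
import re

# Constructed sample sshd_config; user and group names are hypothetical.
SAMPLE_CONFIG = """\
# limit logins to two groups, plus one explicitly named account
AllowUsers  svc_backup
AllowGroups ssh_admins ssh_operators
"""

DIRECTIVES = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_lists(config_text):
    """Collect the four access lists; keywords are case-insensitive and
    repeated lines accumulate. Match blocks are not handled (assumption)."""
    lists = {name: [] for name in DIRECTIVES}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() in lists:
            lists[words[0].lower()].extend(words[1:])
    return lists

def _matches(name, pattern):
    """Simplified pattern match: only the '*' and '?' wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, name) is not None

def _any_match(names, patterns):
    return any(_matches(n, p) for n in names for p in patterns)

def login_allowed(user, groups, lists):
    """Return (allowed, reason). Every configured list must pass, in the
    documented order DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _any_match([user], lists["denyusers"]):
        return False, "DenyUsers"
    if lists["allowusers"] and not _any_match([user], lists["allowusers"]):
        return False, "AllowUsers"
    if _any_match(groups, lists["denygroups"]):
        return False, "DenyGroups"
    if lists["allowgroups"] and not _any_match(groups, lists["allowgroups"]):
        return False, "AllowGroups"
    return True, "ok"

if __name__ == "__main__":
    acl = parse_lists(SAMPLE_CONFIG)
    for user, groups in [("alice", ["ssh_admins"]), ("svc_backup", ["ssh_operators"])]:
        print(user, groups, login_allowed(user, groups, acl))
```

With both directives present, group membership alone is not enough; removing the AllowUsers line from the sample admits every member of the listed groups.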


