[Bug 2282] When group member count exceeds 126, Match directives fail
bugzilla-daemon at mindrot.org
Sat Oct 11 04:57:44 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2282
--- Comment #6 from rake74 at gmail.com ---
Here's the testing config. Again, I have removed the Address match part
to simplify things. Of course, this does mean I have to edit the config
and restart to enable non-sftp connection with non-sftponly users. All
comments/blank lines stripped out:
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
TCPKeepAlive yes
ClientAliveInterval 600
ClientAliveCountMax 3
MaxStartups 20
Subsystem sftp internal-sftp -l INFO
AllowGroups all it nondb
Match Group sftponly
ChrootDirectory /cust/ftp/secure/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -l INFO
Match Group *,!sftponly
ForceCommand echo 'External shell access denied.'
I still have this node around and can make further tests as
needed/requested.