[Bug 2282] When group member count exceeds 126, Match directives fail

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Oct 11 04:57:44 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2282

--- Comment #6 from rake74 at gmail.com ---
Here's the testing config. Again, I have removed the Address match part
to simplify things. Of course, this does mean I have to edit the config
and restart to enable non-sftp connections with non-sftponly users. All
comments/blank lines stripped out:

Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
TCPKeepAlive yes
ClientAliveInterval 600
ClientAliveCountMax 3
MaxStartups 20
Subsystem sftp internal-sftp -l INFO
AllowGroups all it nondb
Match Group sftponly
        ChrootDirectory /cust/ftp/secure/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l INFO
Match Group *,!sftponly
        ForceCommand echo 'External shell access denied.'

I still have this node around and can make further tests as
needed/requested.
