Carson Gaspar carson at
Thu Feb 6 10:47:39 EST 2003

--On Wednesday, February 05, 2003 5:03 PM -0600 Ben Lindstrom 
<mouring at> wrote:

> I think we need to discuss the usage of it before jumping the gun and
> changing it.
> WHY do do you have 256 AllowUser?   Is it a case where you would be better
> off with 20 DenyUser lines?
> I'd rather see the code (which I think would not be too much of a problem)
> be dynamically allocated if it really needs to be upped, but I think we
> are running into the case of abuse of a feature without understanding it.

DenyUser is almost always a bad idea. Explicit permits are much better than 
denies - denies fail to take account of new users, and fail open, rather 
than fail closed.


More information about the openssh-unix-dev mailing list