Portable OpenSSH 3.7.1p2 released

Andrea Barisani lcars at infis.univ.trieste.it
Wed Sep 24 02:27:41 EST 2003

> Changes since OpenSSH 3.7.1p1:
> ==============================
> * This release disables PAM by default. To enable it, set "UsePAM yes" in 
>   sshd_config. Due to complexity, inconsistencies in the specification and
>   differences between vendors' PAM implementations we recommend that PAM 
>   be left disabled in sshd_config unless there is a need for its use. 
>   Sites using only public key or simple password authentication usually 
>   have little need to enable PAM support.


right now PAM is widely use with the pam_listfile.so module to grant access
for specific users only from certain hosts (es. root is allowed only from

I beleive that this is not possible with AllowUsers and DenyUsers unless some
! (negation) operator is introduced in the configuration. That's because

AllowUsers * root at

or other variations won't work.

Do you think would be possible adding such feature or is there any other way
I'm missing for doing that :).

Bye and thanks

INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste    /V\
lcars at infis.univ.trieste.it - PGP Key 0x8E21FE82      (/ \)
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."

More information about the openssh-unix-dev mailing list