AllowUsers not working under certain conditions
Donald Fraser
demolish at kiwi-fraser.net
Fri Nov 18 05:55:03 EST 2005
Thanks for the reply Darren,
Darren Tucker wrote:
> On Thu, Nov 17, 2005 at 12:50:53PM -0000, Donald Fraser wrote:
> [...]
> > The second problem is not present on the oppenssh-3.5p1-6 but is present
on
> > the later version oppenssh-3.9p1-8.
> [snip description]
>
> An explanation for this one does not immediately spring to mind.
The first problem I can live with, as there is a way around that one.
The second is not so easy to live with, I therefore have included the output
of the log that shows where it is failing.
I cut the log down to show the differences between failure and pass, rather
than the whole log file which tends to be rather large:
Nov 17 14:26:40 develop sshd[9301]: debug3: monitor_read: checking request 7
Nov 17 14:26:40 develop sshd[9301]: debug3: mm_answer_pwnamallow
Nov 17 14:26:40 develop sshd[9301]: User AUser not allowed because not
listed in AllowUsers
Nov 17 14:26:40 develop sshd[9301]: debug3: mm_answer_pwnamallow: sending
MONITOR_ANS_PWNAM: 0
Nov 17 14:26:40 develop sshd[9301]: debug3: mm_request_send entering: type 8
and when it passes by placing the exact IP address in the AllowUsers
section.
Nov 17 16:45:13 develop sshd[9575]: debug3: monitor_read: checking request 7
Nov 17 16:45:13 develop sshd[9575]: debug3: mm_answer_pwnamallow
Nov 17 16:45:13 develop sshd[9575]: debug3: mm_answer_pwnamallow: sending
MONITOR_ANS_PWNAM: 1
Nov 17 16:45:13 develop sshd[9575]: debug3: mm_request_send entering: type 8
Additional notes:
The user name "AUser" in the AllowUsers section does contain Upper and Lower
case letters.
The domain name returned from the reverse IP address look-up is of the form:
IP-IP-IP-IP.dyn.somedomain.com, where IP are numbers that represent the IP
address.
If you think having the whole log will be of help then I can attach that.
In the mean time I'll try and pin point the problem further by looking at
the code myself.
Regards
Donald Fraser
More information about the openssh-unix-dev
mailing list