sshd_config allows multiple AllowUsers lines?
Adam Spragg
adam.spragg at octaltelecom.co.uk
Wed Feb 11 05:15:02 EST 2009
Hi,

I've just been adding a few extra hosts to my sshd_config's AllowUsers, and
it's got a bit unwieldy.

As far as I can tell from the sshd_config(5) and ssh_config(5) man pages, the
*only* way to specify multiple AllowUsers patterns is on a single line,
separated by spaces. With more than 6 or 7 patterns it starts wrapping on to
multiple lines and gets hard to read, especially as the sshd_config file does
not support backslash newline continuation.

Searching the mailing list archives for AllowUsers, I came across a message
which implies that multiple DenyUsers (which I assume works the same as
AllowUsers) lines are permitted[0], and that they are equivalent to a single
concatenated DenyUsers line. Further, using multiple AllowUsers directives
appears to work.

But I can find no mention of this behaviour in the man pages.

So, is this guaranteed behaviour, or is it a quirk of the current
implementation? Is it possible that future implementations will change this
and only use the first AllowUsers directive, or possibly use only the last, or
some other behaviour?

If it is guaranteed behaviour, is it documented? If so, where? If not, should
it be?

Thanks,

Adam Spragg.

[0] http://marc.info/?l=openssh-unix-dev&m=112000646419696&w=2
--
Adam Spragg mailto:adam.spragg at octaltelecom.co.uk
Developer
Octal Telecom http://www.octaltelecom.co.uk/
It reverses the logical flow of conversation!
> Why?
> > No.
> > > Should I top post?
http://www.google.com/search?q=%22top+posting%22
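
The man pages cited in the message document only the single-line form, so one way to keep a readable multi-line working copy without depending on how sshd treats repeated directives is to collapse them into one line before deployment. This is an added example, not part of the original message or of OpenSSH; the function names and the sample config are constructed, and it assumes whitespace-separated `keyword value` lines, rewriting only those before the first Match line.

```shell
#!/bin/sh
# Collapse repeated global AllowUsers lines into the single
# space-separated line that sshd_config(5) documents.

collapse_allowusers() {
    # The file is read twice: pass 1 collects patterns, pass 2 rewrites.
    awk '
        FNR == 1 { in_match = 0 }            # reset at the start of each pass
        NR == FNR {                          # pass 1: gather patterns in order
            if (tolower($1) == "match") in_match = 1
            if (!in_match && tolower($1) == "allowusers")
                for (i = 2; i <= NF; i++)
                    if (!seen[$i]++) merged = merged " " $i   # skip duplicates
            next
        }
        {                                    # pass 2: emit the rewritten file
            if (tolower($1) == "match") in_match = 1
            if (!in_match && tolower($1) == "allowusers") {
                # Put the merged line where the first directive stood.
                if (!printed++) print "AllowUsers" merged
                next
            }
            print                            # everything else is unchanged
        }
    ' "$1" "$1"
}

# Constructed sample: two global AllowUsers lines (keywords are
# case-insensitive) and one inside a Match block that must stay as it is.
sample_config() {
    cat <<'EOF'
Port 22
AllowUsers alice@192.0.2.* bob
PermitRootLogin no
allowusers carol@198.51.100.7 bob
Match Address 203.0.113.0/24
    AllowUsers dave
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
collapse_allowusers "$tmp"
rm -f "$tmp"
```

Validate the generated file with `sshd -t -f <file>` before installing it.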