Multiple AllowGroup lines in sshd_config?
thuning at dsv.su.se
Thu Mar 2 19:11:40 AEDT 2023
I'm experimenting with migrating the custom sshd_config settings for our
(Debian bullseye, openssh-server 8.4) server environment into fragments
under sshd_config.d/, and am wondering about sshd's behaviour when
encountering multiple AllowGroup lines.
The manual states "For each keyword, the first obtained value will be
used.", so that gives me the impression that any lines after the first
should be ignored. However, my testing seems to contradict this - if I
have two lines granting access to different groups, both groups get access.
So it seems like these are equivalent:
> AllowGroups foo bar
> AllowGroups foo
> AllowGroups bar
Is this behaviour to be expected? It could of course also be Debian
introducing special behaviour, but I thought I should check here first.
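
The check below is an added example, not part of the original post and not OpenSSH code. It lists every `AllowGroups` line found in a set of config fragments and prints the combined group set, assuming the behaviour the post observes (each line contributes its groups). The function names are hypothetical, the sample fragments are constructed, files are read in the order given, and anything after a `Match` line is skipped rather than modelled.

```shell
#!/bin/sh
# Added example: audit AllowGroups lines spread over sshd_config fragments.
# Assumes the observed behaviour that the lines add up rather than override.

# allowgroups_lines FILE...: print "file:line: groups" for each AllowGroups
# line in the global section (before any Match line) of each file.
allowgroups_lines() {
    awk '
        FNR == 1              { in_match = 0 }       # new file: global section
        NF == 0 || $1 ~ /^#/  { next }               # blank lines and comments
                              { kw = tolower($1) }   # keywords ignore case
        kw == "match"         { in_match = 1; next } # Match blocks not modelled
        in_match || kw != "allowgroups" || NF < 2 { next }
        { $1 = FILENAME ":" FNR ":"; print }
    ' "$@"
}

# allowgroups_union FILE...: every group named by those lines, de-duplicated,
# in first-seen order, on one line.
allowgroups_union() {
    allowgroups_lines "$@" | awk '
        { sub(/^.*:[0-9]+: /, "")                    # drop the file:line: prefix
          for (i = 1; i <= NF; i++)
              if (!seen[$i]++) u = u (u == "" ? "" : " ") $i }
        END { print u }'
}

# Constructed sample: the two layouts the post compares.
demo() {
    d=$(mktemp -d) || return 1
    printf 'AllowGroups foo bar\n' > "$d/one-line.conf"
    printf 'AllowGroups foo\n' > "$d/10-foo.conf"
    printf '# second fragment\nallowgroups bar\n' > "$d/20-bar.conf"
    allowgroups_lines "$d/10-foo.conf" "$d/20-bar.conf"
    echo "split:  $(allowgroups_union "$d/10-foo.conf" "$d/20-bar.conf")"
    echo "single: $(allowgroups_union "$d/one-line.conf")"
    rm -rf "$d"
}
demo
```

Pointing it at the main config followed by the fragments shows which file introduces each group, so an access list that is wider than any single file suggests is visible in one place.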