[Bug 1546] sshd_config DenyUsers does not recognize negated host properly

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Jan 8 02:15:54 EST 2009


--- Comment #1 from Eric Sisson <eric.sisson at gmail.com>  2009-01-08 02:15:53 ---
I had posted a message to openssh-unix-dev on this issue, and I
received a reply suggesting that instead of modifying the code of
OpenSSH to recognize my sshd_config configuration directive

  DenyUsers oracle@!localhost.localdomain

I should specify instead

  DenyUsers oracle@*,!localhost.localdomain

I have tried this and it does work. However, this seems less direct and
obvious than my (unsuccessful) specification, and I still think that
mine should be allowed to work. I will admit that my proposed change
may have unintended consequences.

At this point, I am not sure whether the problem properly may be
described as a logic error in the code, obscure semantics of the
pattern-matching algorithm, or incomplete documentation of the
pattern-matching specifications.

I will defer to the judgement of the OpenSSH team on how best to handle
this situation.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list