I have a few seperate users on my server, one user for which I want to

dissallow ssh login. Now I've read the man page for sshd and I've read a lot

of the documentation on this, but I'm still not clear one one point. By

default, /etc/ssh/sshd.config shows all entries are commented out. I want to

add something like this:
AllowUsers user1, user2, user3
I added that in but also with an # in front like all the other entries. Now

I find that I can still ssh to the box with a user acct that I didn't

include in the entry. Should it be in there without the #? And if so, do I

also then have to uncomment all the other entries??
Thanks

Others have mentioned the correct syntax already.  One suggestion which

helps administration is to assign or revoke access (or other privileges)

based on groups rather than individual users.  In otherwords, make the

users members of a group and grant that group access.
It helps scalability, maintenance, and testing.
Regards,

-Lars
Lars NoodC)n (larsnooden@openoffice.org)

         Ensure access to your data now and in the future

         http://opendocumentfellowship.org/about_us/contribute

Hello,
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
AllowUsers is a list of "user name patterns, separated by _spaces_".

Also take a look at the AllowGroups parameter.
--

Serge

Thanks for pointing me in the right direction, got it working properly now;

found out the hard way to separate users by whitespace only, NOT commas.
thanks

No, they're the default settings.
-- 
o--------------------------{ Will Maier }--------------------------o

| web:.......http://www.lfod.us/ | email.........willmaier@ml1.net |

*------------------[ BSD Unix: Live Free or Die ]------------------*

Hello,
everything is commented because these are the default settings. If you want to

change a setting you'll have to uncomment and change it.
Regards

  Hagen Volpers
-----Urspr|ngliche Nachricht-----

Von: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] Im Auftrag von

Jerome Santos

Gesendet: Montag, 26. Mdrz 2007 19:33

An: misc@openbsd.org

Betreff: sshd.config and AllowUsers
I have a few seperate users on my server, one user for which I want to

dissallow ssh login. Now I've read the man page for sshd and I've read a lot

of the documentation on this, but I'm still not clear one one point. By

default, /etc/ssh/sshd.config shows all entries are commented out. I want to

add something like this:
AllowUsers user1, user2, user3
I added that in but also with an # in front like all the other entries. Now

I find that I can still ssh to the box with a user acct that I didn't

include in the entry. Should it be in there without the #? And if so, do I

also then have to uncomment all the other entries??
Thanks

man sshd_config

In the first paragraph you will find the line "Lines starting with `#' and

empty lines are interpreted as comments." The default config file is full of

examples that are commented out which are the lines you see.
--

Tim Kuhlman

Network Administrator

ColoradoVnet.com