I have a few separate users on my server, one user for which I want to disallow ssh login. Now I've read the man page for sshd and I've read a lot of the documentation on this, but I'm still not clear on one point. By default, /etc/ssh/sshd.config shows all entries are commented out. I want to add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? And if so, do I also then have to uncomment all the other entries??

Thanks

man sshd_config

In the first paragraph you will find the line "Lines starting with `#' and empty lines are interpreted as comments." The default config file is full of examples that are commented out which are the lines you see.

--
Tim Kuhlman
Network Administrator
ColoradoVnet.com

Hello,

everything is commented because these are the default settings. If you want to change a setting you'll have to uncomment and change it.

Regards
Hagen Volpers

-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf Of Jerome Santos
Sent: Monday, 26 March 2007 19:33
To: misc@openbsd.org
Subject: sshd.config and AllowUsers

No, they're the default settings.
--
o--------------------------{ Will Maier }--------------------------o
| web:.......http://www.lfod.us/ | email.........willmaier@ml1.net |
*------------------[ BSD Unix: Live Free or Die ]------------------*

Hello,

On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:

AllowUsers is a list of "user name patterns, separated by _spaces_". Also take a look at the AllowGroups parameter.

--
Serge

Thanks for pointing me in the right direction, got it working properly now; found out the hard way to separate users by whitespace only, NOT commas. Thanks

Others have mentioned the correct syntax already. One suggestion which helps administration is to assign or revoke access (or other privileges) based on groups rather than individual users. In other words, make the users members of a group and grant that group access. It helps scalability, maintenance, and testing.

Regards,
-Lars

Lars Noodén (larsnooden@openoffice.org)
Ensure access to your data now and in the future
http://opendocumentfellowship.org/about_us/contribute
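
The two pitfalls from this thread (an AllowUsers line left commented out, and commas between user names) can be caught with a small lint pass over the config file. This is an added shell example, not part of any poster's message; `check_allowusers` is a hypothetical helper name and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: lint the AllowUsers lines of an sshd_config-style file.
# check_allowusers is a hypothetical helper, not an OpenSSH tool.

# check_allowusers FILE
# Prints one finding per line. Returns 0 only if the file has at least one
# active AllowUsers line and none of its patterns contains a comma.
check_allowusers() {
    awk '
        # A directive behind "#" is a comment, so sshd never sees it.
        /^[ \t]*#[ \t]*AllowUsers([ \t]|$)/ {
            printf "line %d: AllowUsers is commented out and has no effect\n", NR
            next
        }
        # Active directive (keywords are case-insensitive).
        tolower($1) == "allowusers" {
            active++
            for (i = 2; i <= NF; i++)
                if (index($i, ",")) {
                    printf "line %d: comma in pattern \"%s\"; separate patterns with spaces only\n", NR, $i
                    bad++
                }
        }
        END {
            if (!active)
                print "no active AllowUsers line: logins are not restricted by user name"
            exit ((bad || !active) ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample files (user1..user3 are the names used in the question).
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' '#AllowUsers user1, user2, user3' > "$tmp/commented"
printf '%s\n' '#Port 22' 'AllowUsers user1, user2, user3'  > "$tmp/commas"
printf '%s\n' '#Port 22' 'AllowUsers user1 user2 user3'    > "$tmp/fixed"

for f in commented commas fixed; do
    echo "== $f"
    check_allowusers "$tmp/$f" || echo "-> needs attention"
done
```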
