Re: sshd_config question.

To:	openssh-unix-dev@mindrot.org
Subject:	Re: sshd_config question.
From:	Peter Stuge <stuge-openssh-unix-dev@cdy.org>
Date:	Thu, 9 Nov 2006 17:41:18 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	openssh-unix-dev-list1@securepoint.com
Delivered-to:	openssh-unix-dev-tmda@mindrot.org
Delivered-to:	openssh-unix-dev@mindrot.org
In-reply-to:	<20061109001233.B82908@pemaquid.safeport.com>
List-archive:	<http://lists.mindrot.org/pipermail/openssh-unix-dev>
List-help:	<mailto:openssh-unix-dev-request@mindrot.org?subject=help>
List-id:	Development of portable OpenSSH <openssh-unix-dev.mindrot.org>
List-post:	<mailto:openssh-unix-dev@mindrot.org>
List-subscribe:	<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=subscribe>
List-unsubscribe:	<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=unsubscribe>
Mail-followup-to:	openssh-unix-dev@mindrot.org
References:	<20061109001233.B82908@pemaquid.safeport.com>
Sender:	openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org

To:

openssh-unix-dev@mindrot.org

Subject:

Re: sshd_config question.

From:

Peter Stuge <stuge-openssh-unix-dev@cdy.org>

Date:

Thu, 9 Nov 2006 17:41:18 +0100

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

openssh-unix-dev-list1@securepoint.com

Delivered-to:

openssh-unix-dev-tmda@mindrot.org

Delivered-to:

openssh-unix-dev@mindrot.org

In-reply-to:

<20061109001233.B82908@pemaquid.safeport.com>

List-archive:

<http://lists.mindrot.org/pipermail/openssh-unix-dev>

List-help:

<mailto:openssh-unix-dev-request@mindrot.org?subject=help>

List-id:

Development of portable OpenSSH <openssh-unix-dev.mindrot.org>

List-post:

<mailto:openssh-unix-dev@mindrot.org>

List-subscribe:

<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=subscribe>

List-unsubscribe:

<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=unsubscribe>

Mail-followup-to:

openssh-unix-dev@mindrot.org

References:

<20061109001233.B82908@pemaquid.safeport.com>

Sender:

openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org

On Thu, Nov 09, 2006 at 12:22:33AM -0500, doug@safeport.com wrote:
> I want to allow a single host root access via ssh. If the order of
> processing DenyUsers, AllowUsers were reversed this cold be done in
> a straight forward manner.
> 
> My question, is would adding an Apache-like derective Order
> Deny,Allow violate any standards or be a security problem?

Couldn't you use the Match keyword (new in 4.4 IIRC) to do this in an
even more straight forward manner? :)


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

<Prev in Thread]	Current Thread	[Next in Thread>
sshd_config question., doug Re: sshd_config question., Peter Stuge <= Re: sshd_config question., Darren Tucker

Previous by Date:	sshd_config question., doug
Next by Date:	known plaintext attack, James Maniotis
Previous by Thread:	sshd_config question., doug
Next by Thread:	Re: sshd_config question., Darren Tucker
Indexes:	[Date] [Thread] [Top] [All Lists]